CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4693
https://notcve.org/view.php?id=CVE-2007-4693
15 Nov 2007 — The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." El componente SecurityAgent de Mac OS X 10.4 hasta 10.4.10 permite a atacantes con acceso físico evitar el diálogo de autenticación del salvapantallas y enviar pulsaciones de teclado a un proceso, relacionado con "el manejo del foco de teclado entre campo... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 1%CPEs: 26EXPL: 0CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
15 Nov 2007 — The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2007-2407
https://notcve.org/view.php?id=CVE-2007-2407
03 Aug 2007 — The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. El servidor Samba en Apple Mac OS X 10.3.9 y 10.4.10, cuando la compartición de archivos Windows está habilitada, no impone quotas de disco tras borrar privilegios, lo cual permite a usuarios remotos autenticados utilizar espacio de disco que excede la quota. • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2007-2403
https://notcve.org/view.php?id=CVE-2007-2403
03 Aug 2007 — CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. CFNetwork en Apple Mac OS X 10.3.9 y 10.4.10 no valida adecuadamente URIs ftp:, lo cual permite a atacantes remotos provocar la transmisión de comandos FTP de su elección mediante servidores FTP de su elección. • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2007-2409
https://notcve.org/view.php?id=CVE-2007-2409
03 Aug 2007 — Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. Vulnerabilidad de dominio cruzado en WebCores de Apple Mac OS X 10.3.9 y 10.4.10 permite a atacantes remotos obtener información sensible a través de una ventana emergente, la cual es capaz de leer el URL actual de la ventana padre. • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 6.1EPSS: 1%CPEs: 42EXPL: 0CVE-2007-2404
https://notcve.org/view.php?id=CVE-2007-2404
03 Aug 2007 — CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Vulnerabilidad de inyección de retornos de carro y saltos de línea en CFNetwork en Apple Mac OS X 10.3.9 y 10.4.10 versiones anteriores a 20070731 permite a atacantes remotos inyectar cabeceras HTML de ... • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 9.8EPSS: 6%CPEs: 22EXPL: 0CVE-2007-3744
https://notcve.org/view.php?id=CVE-2007-3744
03 Aug 2007 — Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de búfer en la región heap de la memoria en la implementación uPnP IGD (Internet Gateway Device Standardized Device Control Protocol) en mDNSResponder en Apple Mac OS X versión 10.4.10 anterior a 20070731, permite a atacantes re... • http://docs.info.apple.com/article.html?artnum=306172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 42EXPL: 0CVE-2007-3748
https://notcve.org/view.php?id=CVE-2007-3748
03 Aug 2007 — Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de búfer en la implementación UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) de iChat en Apple Mac OS X 10.3.9 y 10.4.10 permite a atacantes remotos colindantes en la red, ejecutar código de su elección mediante un paquete mani... • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2007-2410
https://notcve.org/view.php?id=CVE-2007-2410
03 Aug 2007 — WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. WebCore en Apple Mac OS X 10.3.9 y 10.4.10 retine propiedades de determinado objetos globales cuando se visita un nuevo URL en la misma ventana, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS). • http://docs.info.apple.com/article.html?artnum=306172 •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2007-3745
https://notcve.org/view.php?id=CVE-2007-3745
03 Aug 2007 — The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. La interfaz Java para CoreAudio en Apple Mac OS X 10.3.9 y 10.4.10 contiene una interfaz no segura que es expuesta por JDirect, lo cual permite a atacantes remotos liberar memoria de su elección y por tanto ejecutar código arbitrario. • http://docs.info.apple.com/article.html?artnum=306172 •