CVSS: 7.8EPSS: 81%CPEs: 2EXPL: 0CVE-2007-0588
https://notcve.org/view.php?id=CVE-2007-0588
30 Jan 2007 — The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. La función InternalUnpackBits en Apple QuickDraw, como ha sido usado en Quicktime 7.1.3 y otras aplicaciones de Mac OS X 10.4.8 y an... • http://docs.info.apple.com/article.html?artnum=305214 •
CVSS: 6.5EPSS: 94%CPEs: 12EXPL: 2CVE-2007-0464 – Apple CFNetwork - HTTP Response Denial of Service
https://notcve.org/view.php?id=CVE-2007-0464
30 Jan 2007 — The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. La función _CFNetConnectionWillEnqueueRequests en CFNetwork versión 129.19 en Apple Mac OS X versión 10.4 hasta 10.4.10, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de una respuesta 301 HTTP diseñada, ... • https://www.exploit-db.com/exploits/3200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 66%CPEs: 2EXPL: 1CVE-2007-0462 – Apple Mac OSX 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2007-0462
26 Jan 2007 — The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. La función _GetSrcBits32ARGB en App Apple QuickDraw, tal y como lo usa Quicktime 7.1.3 y otras aplicaciones en Mac OS X 10.4.8 y versiones anteriores, permite a atacante... • https://www.exploit-db.com/exploits/29509 •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2007-0478
https://notcve.org/view.php?id=CVE-2007-0478
25 Jan 2007 — WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. En WebCore en Apple Mac OS X versiones 10.3.9 y 10.4.10, tal como es usado en Safari, no analiza de forma apropiada los comentarios HTML en elementos TITLE, lo que permite a los atacantes remotos conducir ataques de tipo... • http://docs.info.apple.com/article.html?artnum=306172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0023 – Apple Mac OSX 10.4.8 - 'UserNotificationCenter' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0023
24 Jan 2007 — The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. La función CFUserNotificationSendRequest en UserNotificationCenter.app de Apple Mac OS X 10.4.8, al ser usado en combinación con diskutil, permite a usuarios locales obtener privilegi... • https://www.exploit-db.com/exploits/3181 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0430 – Apple Mac OSX 10.4.x Kernel - 'shared_region_map_file_np()' Memory Corruption
https://notcve.org/view.php?id=CVE-2007-0430
23 Jan 2007 — The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. La función shared_region_map_file_np en Apple Mac OS X 10.4.8 y núcleos anetriores permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) mediante un valor mappingCount grande. • https://www.exploit-db.com/exploits/3167 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0022
https://notcve.org/view.php?id=CVE-2007-0022
23 Jan 2007 — Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. Vulnerabilidad de ruta de búsqueda no confiable en writeconfig de Apple Mac OS X 10.4.8 permite a usuarios locales obtener privilegios mediante un PATH modificado que apunta a un programa launchctl malicioso. • http://docs.info.apple.com/article.html?artnum=305391 •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 1CVE-2007-0355 – Apple Mac OSX 10.4.8 - SLP Daemon Service Registration Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-0355
19 Jan 2007 — Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. Un desbordamiento de búfer en Apple Minimal SLP v2 Service Agent (slpd) en Mac OS X versión 10.4.11 y anteriores, incluyendo versión 10.4.8, permite a usuarios locales, y posiblemente a atacantes remotos, alcanzar privilegios y po... • https://www.exploit-db.com/exploits/3151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0345
https://notcve.org/view.php?id=CVE-2007-0345
18 Jan 2007 — The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. Los programas (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Reso... • http://projects.info-pull.com/moab/MOAB-15-01-2007.html •
CVSS: 7.5EPSS: 19%CPEs: 4EXPL: 3CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
18 Jan 2007 — WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el ... • https://www.exploit-db.com/exploits/29461 • CWE-399: Resource Management Errors •