CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4682
https://notcve.org/view.php?id=CVE-2007-4682
15 Nov 2007 — CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. CoreText de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante contenido textual manipulado que dispara un acceso de un puntero a objeto no inicializado. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-824: Access of Uninitialized Pointer •
CVSS: 5.3EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4688
https://notcve.org/view.php?id=CVE-2007-4688
15 Nov 2007 — The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. El componente de Red de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos obtener todas las direcciones de un host, incluyendo direcciones enlazadas locales, mediante una Consulta de Información de Nodo. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4269
https://notcve.org/view.php?id=CVE-2007-4269
15 Nov 2007 — Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de un mensaje de AppleTalk Session Protocol (ASP) diseñado en un socket de AppleTalk, que ... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4694
https://notcve.org/view.php?id=CVE-2007-4694
15 Nov 2007 — Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. El Safari en el Apple Mac OS X 10.4 hasta el 10.4.10 permite a atacantes remotos acceder a contenidos locales a través URLs del tipo file:// • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 20EXPL: 0CVE-2007-4697
https://notcve.org/view.php?id=CVE-2007-4697
15 Nov 2007 — Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. Vulnerabilidad sin especificar en el WebCore del Apple Mac OS X 10.4 hasta el 10.4.10 permite a atacantes remotos provocar una denegación de servicio (terminación de la aplicación) o ejecutar código de su elección a través de vectores desconocidos r... • http://docs.info.apple.com/article.html?artnum=307041 •
CVSS: 7.1EPSS: 2%CPEs: 23EXPL: 0CVE-2007-4678
https://notcve.org/view.php?id=CVE-2007-4678
15 Nov 2007 — AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. AppleRAID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.10 permite a atacantes provocar una denegación de servicio (caída) mediante una imagen de disco dañada por manipulación, lo cual provoca una referencia a un puntero nulo cuando es montada. • http://docs.info.apple.com/article.html?artnum=307041 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4268
https://notcve.org/view.php?id=CVE-2007-4268
15 Nov 2007 — Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. Un error en la propiedad signedness de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arb... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.0EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4690
https://notcve.org/view.php?id=CVE-2007-4690
15 Nov 2007 — Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. Una vulnerabilidad de doble liberación en el componente NFS en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios autenticados remotos ejecutar código arbitrario por medio de un paquete RPC AUTH_UNIX diseñado. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 26EXPL: 0CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
15 Nov 2007 — The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 86%CPEs: 6EXPL: 0CVE-2007-3751
https://notcve.org/view.php?id=CVE-2007-3751
07 Nov 2007 — Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. Vulnerabilidad no especificada en QuickTime para Java de Apple QuickTime anterior a 7.3 permite a atacantes remotos ejecutar código de su elección mediante applets Java no confiables que obtienen privilegios a través de vectores no especificados. • http://docs.info.apple.com/article.html?artnum=306896 •