CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2007-0710 – Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0710
16 Feb 2007 — The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. La funcionalidad Bonjour en iChat en Apple Mac OS X 10.3.9 permite a atacantes remotos provocar denegación de servicio (caida de aplicación persistente) a través de vectores no especificados, posiblemente relacionado con CVE-2007-0614. • https://www.exploit-db.com/exploits/3230 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 1%CPEs: 1EXPL: 2CVE-2007-0647 – Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String
https://notcve.org/view.php?id=CVE-2007-0647
01 Feb 2007 — Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. Vulnerabilidad de formato de cadena en Help Viewer 3.0.0 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (caída) mediante especificadores de formato de cadena en un nombre de fichero, que no es manejado a... • https://www.exploit-db.com/exploits/29553 •
CVSS: 7.1EPSS: 19%CPEs: 14EXPL: 2CVE-2007-0646 – Apple Mac OSX 10.4.x - iMovie HD '.imovieproj' Filename Format String
https://notcve.org/view.php?id=CVE-2007-0646
01 Feb 2007 — Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. Una vulnerabilidad de cadena de formato en iMovie HD versión 6.0.3 y Safari en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos asistidos por el usuario causar una denegación d... • https://www.exploit-db.com/exploits/29551 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 19%CPEs: 3EXPL: 3CVE-2007-0614 – Apple iChat Bonjour 3.1.6.441 - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0614
31 Jan 2007 — The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. La funcionalidad Bonjour en el mDNSResponder, iChat 3.1.6 y InstantMessage framework 428 en Apple Mac OS X 10.4.8 permite a atacantes remotos provocar una denegación de servicio (caída continua de la aplicación) mediante la manipulación del atributo phsh hash en la... • https://www.exploit-db.com/exploits/3230 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0467 – Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0467
31 Jan 2007 — crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. crashdump en Apple Mac OS X 10.4.8 permite a usuarios locales del grupo admin modificar ficheros de su elección o ganar privilegios a través de ataque de enlaces simbólicos sobre logs de aplicación en /Library/Logs/CrashReporter/. • https://www.exploit-db.com/exploits/3219 •
CVSS: 7.8EPSS: 70%CPEs: 2EXPL: 3CVE-2007-0465 – Apple Installer Package 2.1.5 - Filename Format String
https://notcve.org/view.php?id=CVE-2007-0465
31 Jan 2007 — Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. Vulnerabilidad de formato de cadena en Apple Installer 2.1.5 sobre Mac OS X 10.4.8 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de especificaciones del formato de cadena en el nombre de fichero de paquete (1) PKG, (2) DISTZ, o (3) MPKG. • https://www.exploit-db.com/exploits/29532 •
CVSS: 7.8EPSS: 81%CPEs: 2EXPL: 0CVE-2007-0588
https://notcve.org/view.php?id=CVE-2007-0588
30 Jan 2007 — The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. La función InternalUnpackBits en Apple QuickDraw, como ha sido usado en Quicktime 7.1.3 y otras aplicaciones de Mac OS X 10.4.8 y an... • http://docs.info.apple.com/article.html?artnum=305214 •
CVSS: 6.5EPSS: 94%CPEs: 12EXPL: 2CVE-2007-0464 – Apple CFNetwork - HTTP Response Denial of Service
https://notcve.org/view.php?id=CVE-2007-0464
30 Jan 2007 — The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. La función _CFNetConnectionWillEnqueueRequests en CFNetwork versión 129.19 en Apple Mac OS X versión 10.4 hasta 10.4.10, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de una respuesta 301 HTTP diseñada, ... • https://www.exploit-db.com/exploits/3200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 66%CPEs: 2EXPL: 1CVE-2007-0462 – Apple Mac OSX 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2007-0462
26 Jan 2007 — The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. La función _GetSrcBits32ARGB en App Apple QuickDraw, tal y como lo usa Quicktime 7.1.3 y otras aplicaciones en Mac OS X 10.4.8 y versiones anteriores, permite a atacante... • https://www.exploit-db.com/exploits/29509 •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2007-0478
https://notcve.org/view.php?id=CVE-2007-0478
25 Jan 2007 — WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. En WebCore en Apple Mac OS X versiones 10.3.9 y 10.4.10, tal como es usado en Safari, no analiza de forma apropiada los comentarios HTML en elementos TITLE, lo que permite a los atacantes remotos conducir ataques de tipo... • http://docs.info.apple.com/article.html?artnum=306172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •