CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4678
https://notcve.org/view.php?id=CVE-2007-4678
15 Nov 2007 — AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. AppleRAID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.10 permite a atacantes provocar una denegación de servicio (caída) mediante una imagen de disco dañada por manipulación, lo cual provoca una referencia a un puntero nulo cuando es montada. • http://docs.info.apple.com/article.html?artnum=307041 •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4685
https://notcve.org/view.php?id=CVE-2007-4685
15 Nov 2007 — The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." El núcle del Apple Mac OS X 10.4 hasta el 10.4.10 permite a usuarios locales obtener privilegios mediante la ejecución de los programas setuid o setgid en los cuales los ficheros descriptores stdio, stderr o stdout están en "un estado inesperado". • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4694
https://notcve.org/view.php?id=CVE-2007-4694
15 Nov 2007 — Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. El Safari en el Apple Mac OS X 10.4 hasta el 10.4.10 permite a atacantes remotos acceder a contenidos locales a través URLs del tipo file:// • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 0CVE-2007-4680
https://notcve.org/view.php?id=CVE-2007-4680
15 Nov 2007 — CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. CFNetwork de Apple Mac OS X 10.3.9 Y 10.4 hasta 10.4.10 no valida adecuadamente los certificados, lo cual permite a atacantes remotos falsificar certificados SSL confiables mediante un ataque de hombre en medio (man-in-the-middle). • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4696
https://notcve.org/view.php?id=CVE-2007-4696
15 Nov 2007 — Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. Condición de carrera en WebCore de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos obtener información confidencial de formularios de otros sitios mediante vectores desconocidos relativos a "transiciones de página" en Safari. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4686
https://notcve.org/view.php?id=CVE-2007-4686
15 Nov 2007 — Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. Un error en la propiedad signedness de enteros en la función ttioctl en el archivo bsd/kern/tty.c en el Kernel xnu en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales causar una denegación de servicio (apagado del sistema) o alcanzar privileg... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4688
https://notcve.org/view.php?id=CVE-2007-4688
15 Nov 2007 — The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. El componente de Red de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos obtener todas las direcciones de un host, incluyendo direcciones enlazadas locales, mediante una Consulta de Información de Nodo. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2007-4691
https://notcve.org/view.php?id=CVE-2007-4691
15 Nov 2007 — The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. El componente NSURL de Apple Mac OS X 10.4 hasta 10.4.10 realiza comparaciones sensible a mayúsculas que permiten a atacantes evitar restricciones intencionadas para URLs del sistema de ficheros local. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 26EXPL: 0CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
15 Nov 2007 — The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2007-1661
https://notcve.org/view.php?id=CVE-2007-1661
07 Nov 2007 — Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. La librería Perl-Compatible Regular Expression (PCRE) anterior a 7.3 vuelve demasiado atrás cuando compara determinados bytes de entrada con algunos patrones de expresiones regulares e... • http://bugs.gentoo.org/show_bug.cgi?id=198976 •