CVSS: 9.4EPSS: 1%CPEs: 12EXPL: 1CVE-2007-5862
https://notcve.org/view.php?id=CVE-2007-5862
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. Java en Mac OS X 10.4 hasta la 10.4.11 permite a atacantes remotos evitar los controles de acceso a Keychain y añadir o borrar puntos Keychain a traves de applet de Java manipulados. • http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://secunia.com/advisories/28115 http://www.securityfocus.com/bid/26877 http://www.vupen.com/english/advisories/2007/4224 • CWE-287: Improper Authentication •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 2CVE-2007-6261 – Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6261
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. Desbordamiento de entero en la función load_threadstack en el cargador Mach-O (mach_loader.c) del núcleo xnu en Apple Mac OS X 10.4 hasta 10.5.1 permite a usuarios locales provocar una denegación de servicio (bucle infinito) mediante un binario Mach-O manipulado. • https://www.exploit-db.com/exploits/4689 http://secunia.com/advisories/27884 http://www.digit-labs.org/files/exploits/xnu-macho-dos.c http://www.securityfocus.com/bid/26700 http://www.vupen.com/english/advisories/2007/4095 https://exchange.xforce.ibmcloud.com/vulnerabilities/38854 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 96%CPEs: 40EXPL: 8CVE-2007-6166 – Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2007-6166
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Un desbordamiento de búfer en la región stack de la memoria en Apple QuickTime anterior a la versión 7.3.1, como es usado en QuickTime Player en Windows XP y Safari en Mac OS X, permite a servidores remotos de Real Time Streaming Protocol (RTSP) ejecutar código arbitrario por medio de una respuesta RTSP con un encabezado Content-Type largo. • https://www.exploit-db.com/exploits/4648 https://www.exploit-db.com/exploits/16873 https://www.exploit-db.com/exploits/6013 https://www.exploit-db.com/exploits/4657 https://www.exploit-db.com/exploits/4664 https://www.exploit-db.com/exploits/4651 https://www.exploit-db.com/exploits/11027 https://www.exploit-db.com/exploits/16424 http://docs.info.apple.com/article.html?artnum=307176 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4701
https://notcve.org/view.php?id=CVE-2007-4701
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. WebKit en Apple Mac OS X 10.4 hasta 10.4.10 no crea ficheros temporales de forma segura cuando Safari está previsualizando un fichero PDF, lo cual permite a usuarios locales leer el contenido de ese fichero. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38487 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2007-4699
https://notcve.org/view.php?id=CVE-2007-4699
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. La configuración por defecto de Safari en Apple Mac OS X 10.4 hasta 10.4.10 añade una clave privada a la cadena de claves con permisos que permiten a otras aplicaciones acceder a la clave sin avisar al usuario, lo cual podría permitir a otras aplicaciones evitar las restricciones de acceso. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38485 • CWE-264: Permissions, Privileges, and Access Controls •