CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4700
https://notcve.org/view.php?id=CVE-2007-4700
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. Vulnerabilidad no especificada en WebKit de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos utilizar Safari como si fuera un proxy indirecto y enviar información controlada por el atacante a puertos TCP de su elección mediante vectores desconocidos. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38486 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2007-4683
https://notcve.org/view.php?id=CVE-2007-4683
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. Vulnerabilidad de salto de directorio en el núcleo de Apple Mac OS X 10.4 hasta 10.4.10 permite a usuarios locales evitar el mecanismo chroot mediante una ruta relativa cuando se cambia el directorio de trabajo actual. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38467 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4685
https://notcve.org/view.php?id=CVE-2007-4685
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." El núcle del Apple Mac OS X 10.4 hasta el 10.4.10 permite a usuarios locales obtener privilegios mediante la ejecución de los programas setuid o setgid en los cuales los ficheros descriptores stdio, stderr o stdout están en "un estado inesperado". • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38469 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 4%CPEs: 20EXPL: 0CVE-2007-4689
https://notcve.org/view.php?id=CVE-2007-4689
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. Una vulnerabilidad de doble liberación en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos causar una denegación de servicio (apagado del sistema) o ejecutar código arbitrario por medio de paquetes IPV6 diseñados. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38474 • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4686
https://notcve.org/view.php?id=CVE-2007-4686
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. Un error en la propiedad signedness de enteros en la función ttioctl en el archivo bsd/kern/tty.c en el Kernel xnu en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales causar una denegación de servicio (apagado del sistema) o alcanzar privilegios por medio de una petición ioctl TIOCSETD diseñada. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/archive/1/483753/100/200/threaded http://www.securityfocus.com/bid/26444 http://www.trapkit.de/advisories/TKADV2007-001.txt http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xfor • CWE-189: Numeric Errors •