CVSS: 2.1EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4701
https://notcve.org/view.php?id=CVE-2007-4701
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. WebKit en Apple Mac OS X 10.4 hasta 10.4.10 no crea ficheros temporales de forma segura cuando Safari está previsualizando un fichero PDF, lo cual permite a usuarios locales leer el contenido de ese fichero. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38487 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2007-4699
https://notcve.org/view.php?id=CVE-2007-4699
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. La configuración por defecto de Safari en Apple Mac OS X 10.4 hasta 10.4.10 añade una clave privada a la cadena de claves con permisos que permiten a otras aplicaciones acceder a la clave sin avisar al usuario, lo cual podría permitir a otras aplicaciones evitar las restricciones de acceso. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38485 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2007-4700
https://notcve.org/view.php?id=CVE-2007-4700
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. Vulnerabilidad no especificada en WebKit de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos utilizar Safari como si fuera un proxy indirecto y enviar información controlada por el atacante a puertos TCP de su elección mediante vectores desconocidos. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38486 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2007-4683
https://notcve.org/view.php?id=CVE-2007-4683
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. Vulnerabilidad de salto de directorio en el núcleo de Apple Mac OS X 10.4 hasta 10.4.10 permite a usuarios locales evitar el mecanismo chroot mediante una ruta relativa cuando se cambia el directorio de trabajo actual. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38467 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4685
https://notcve.org/view.php?id=CVE-2007-4685
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." El núcle del Apple Mac OS X 10.4 hasta el 10.4.10 permite a usuarios locales obtener privilegios mediante la ejecución de los programas setuid o setgid en los cuales los ficheros descriptores stdio, stderr o stdout están en "un estado inesperado". • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38469 • CWE-264: Permissions, Privileges, and Access Controls •