CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4268
https://notcve.org/view.php?id=CVE-2007-4268
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. Un error en la propiedad signedness de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de un mensaje de AppleTalk diseñado con un valor negativo, que satisface una comparación firmada durante la asignación de mbuf pero que luego es interpretada como un valor sin firmar, lo que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://docs.info.apple.com/article.html?artnum=307041 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38476 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4678
https://notcve.org/view.php?id=CVE-2007-4678
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. AppleRAID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.10 permite a atacantes provocar una denegación de servicio (caída) mediante una imagen de disco dañada por manipulación, lo cual provoca una referencia a un puntero nulo cuando es montada. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38461 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4679
https://notcve.org/view.php?id=CVE-2007-4679
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. CFFTP en CFNetwork para Apple Mac OS X 10.4 hasta 10.4.10 permite a servidores FTP remotos forzar a los clientes a conectarse a otro anfitrión mediante respuestas manipuladas a comandos FTP PASV. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38462 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2007-4680
https://notcve.org/view.php?id=CVE-2007-4680
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. CFNetwork de Apple Mac OS X 10.3.9 Y 10.4 hasta 10.4.10 no valida adecuadamente los certificados, lo cual permite a atacantes remotos falsificar certificados SSL confiables mediante un ataque de hombre en medio (man-in-the-middle). • http://docs.info.apple.com/article.html?artnum=307041 http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforc • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4682
https://notcve.org/view.php?id=CVE-2007-4682
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. CoreText de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante contenido textual manipulado que dispara un acceso de un puntero a objeto no inicializado. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.kb.cert.org/vuls/id/498105 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38465 • CWE-824: Access of Uninitialized Pointer •