CVSS: 9.3EPSS: 16%CPEs: 5EXPL: 0CVE-2007-2399
https://notcve.org/view.php?id=CVE-2007-2399
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. WebKit en Apple Mac OS X versiones 10.3.9, 10.4.9 y posteriores, y iPhone versiones anteriores a 1.0.1, realiza una "invalid type conversion", que permite a atacantes remotos ejecutar código arbitrario por medio de conjuntos de tramas no especificados que desencadenan una corrupción de memoria. • http://docs.info.apple.com/article.html?artnum=305759 http://docs.info.apple.com/article.html?artnum=306173 http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html http://osvdb.org/36130 http://osvdb.org/36450 http://secunia.com/advisories/25786 http://secunia.com/advisories/26287 http://www.kb.cert.org/vuls/id/389868 http://www.securityfocus.com/bid/24597 http://www.securitytracker.com/id?1018281 http://www.vupen.com/english/advisories/2007/2296 •
CVSS: 7.8EPSS: 5%CPEs: 43EXPL: 0CVE-2007-3073
https://notcve.org/view.php?id=CVE-2007-3073
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. Vulnerabilidad de salto de directorio en Mozilla Firefox 2.0.0.4 y anteriores en Mac OS X y Unix permite a atacantes remotos leer archivos de su elección mediante secuencias ..%2F (punto punto, barra codificada) en un URI resource://. • http://ha.ckers.org/blog/20070516/read-firefox-settings-poc http://larholm.com/2007/05/25/firefox-0day-local-file-reading http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004 http://osvdb.org/35920 http://secunia.com/advisories/25481 http://www.securityfocus.com/archive/1/470500/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=367428 https://bugzilla.mozilla.org/show_bug.cgi?id=380994 •
CVSS: 7.1EPSS: 1%CPEs: 43EXPL: 0CVE-2007-2389
https://notcve.org/view.php?id=CVE-2007-2389
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. Apple QuickTime para Java 7.1.6 en Mac OS X y Windows no limpia zonas de memoria potencialmente sensibles antes de usarla, lo cual permite a atacantes remotos leer la memoria desde un navegador web a través de vectores desconocidos relacionados con applets Java. • http://lists.apple.com/archives/security-announce/2007/May/msg00005.html http://secunia.com/advisories/25130 http://www.kb.cert.org/vuls/id/434748 http://www.osvdb.org/35575 http://www.securityfocus.com/bid/24222 http://www.securitytracker.com/id?1018136 http://www.vupen.com/english/advisories/2007/1974 https://exchange.xforce.ibmcloud.com/vulnerabilities/34571 •
CVSS: 9.3EPSS: 2%CPEs: 43EXPL: 0CVE-2007-2388
https://notcve.org/view.php?id=CVE-2007-2388
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. Apple QuickTime para Java versión 7.1.6 en Mac OS X y Windows, no restringe apropiadamente la subclase de QTObject, lo que permite a atacantes remotos ejecutar código arbitrario por medio de una página web que contiene una clase definida por el usuario que accede a funciones no seguras que pueden ser aprovechadas para escribir en ubicaciones de memoria arbitrarias. • http://lists.apple.com/archives/security-announce/2007/May/msg00005.html http://secunia.com/advisories/25130 http://secunia.com/secunia_research/2007-52/advisory http://www.kb.cert.org/vuls/id/995836 http://www.osvdb.org/35576 http://www.securityfocus.com/bid/24221 http://www.securitytracker.com/id?1018136 http://www.vupen.com/english/advisories/2007/1974 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 20EXPL: 0CVE-2007-0750
https://notcve.org/view.php?id=CVE-2007-0750
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. Desbordamiento de entero en el CoreGraphics del Apple Mac OS X 10.4 hasta la 10.4.9 permite a atacantes con la intervención del usuario provocar una denegación de servicio (terminación de la aplicación) o ejecutar código de su elección a través de un fichero PDF modificado. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.osvdb.org/35146 http://www.securityfocus.com/bid/24144 http://www.securitytracker.com/id?1018114 http://www.vupen.com/english/advisories/2007/1939 https://exchange.xforce.ibmcloud.com/vulnerabilities/34499 •