CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4695
https://notcve.org/view.php?id=CVE-2007-4695
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. Vulnerabilidad de "validación de entrada" no especificada en WebCore de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos modificar valores de campos de formulario mediante vectores desconocidos relativos a promoción de ficheros. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38482 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4696
https://notcve.org/view.php?id=CVE-2007-4696
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. Condición de carrera en WebCore de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos obtener información confidencial de formularios de otros sitios mediante vectores desconocidos relativos a "transiciones de página" en Safari. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 2%CPEs: 20EXPL: 0CVE-2007-4697
https://notcve.org/view.php?id=CVE-2007-4697
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. Vulnerabilidad sin especificar en el WebCore del Apple Mac OS X 10.4 hasta el 10.4.10 permite a atacantes remotos provocar una denegación de servicio (terminación de la aplicación) o ejecutar código de su elección a través de vectores desconocidos relacionados con el histórico del navegador, lo que dispara una corrupción de memoria. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38483 •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4693
https://notcve.org/view.php?id=CVE-2007-4693
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." El componente SecurityAgent de Mac OS X 10.4 hasta 10.4.10 permite a atacantes con acceso físico evitar el diálogo de autenticación del salvapantallas y enviar pulsaciones de teclado a un proceso, relacionado con "el manejo del foco de teclado entre campos de texto seguros". • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018951 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38480 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4269
https://notcve.org/view.php?id=CVE-2007-4269
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de un mensaje de AppleTalk Session Protocol (ASP) diseñado en un socket de AppleTalk, que desencadena un desbordamiento de búfer en la región heap de la memoria . • http://docs.info.apple.com/article.html?artnum=307041 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38473 • CWE-189: Numeric Errors •