CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos falsificar la autenticación HTTP para otros sitios y posiblemente conducir ataques de phishing causando que se muestre una hoja de autenticación para una pestaña que no está activa, lo que hace que parezca como si está asociada con la pestaña activa. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40662 http://secunia.com/advisories/27643 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26447 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com&#x • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-2403
https://notcve.org/view.php?id=CVE-2007-2403
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. CFNetwork en Apple Mac OS X 10.3.9 y 10.4.10 no valida adecuadamente URIs ftp:, lo cual permite a atacantes remotos provocar la transmisión de comandos FTP de su elección mediante servidores FTP de su elección. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018491 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35721 •
CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 0CVE-2007-3745
https://notcve.org/view.php?id=CVE-2007-3745
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. La interfaz Java para CoreAudio en Apple Mac OS X 10.3.9 y 10.4.10 contiene una interfaz no segura que es expuesta por JDirect, lo cual permite a atacantes remotos liberar memoria de su elección y por tanto ejecutar código arbitrario. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018492 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35725 •
CVSS: 4.0EPSS: 1%CPEs: 5EXPL: 0CVE-2007-2407
https://notcve.org/view.php?id=CVE-2007-2407
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. El servidor Samba en Apple Mac OS X 10.3.9 y 10.4.10, cuando la compartición de archivos Windows está habilitada, no impone quotas de disco tras borrar privilegios, lo cual permite a usuarios remotos autenticados utilizar espacio de disco que excede la quota. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35738 •
CVSS: 5.8EPSS: 6%CPEs: 22EXPL: 0CVE-2007-3744
https://notcve.org/view.php?id=CVE-2007-3744
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de búfer en la región heap de la memoria en la implementación uPnP IGD (Internet Gateway Device Standardized Device Control Protocol) en mDNSResponder en Apple Mac OS X versión 10.4.10 anterior a 20070731, permite a atacantes remotos adyacentes a la red ejecutar código arbitrario por medio de un paquete diseñado. • http://docs.info.apple.com/article.html?artnum=306172 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://www.securityfocus.com/bid/25159 http://www.securitytracker.com/id?1018488 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35733 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •