CVSS: 9.4EPSS: 1%CPEs: 12EXPL: 1CVE-2007-5862
https://notcve.org/view.php?id=CVE-2007-5862
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. Java en Mac OS X 10.4 hasta la 10.4.11 permite a atacantes remotos evitar los controles de acceso a Keychain y añadir o borrar puntos Keychain a traves de applet de Java manipulados. • http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://secunia.com/advisories/28115 http://www.securityfocus.com/bid/26877 http://www.vupen.com/english/advisories/2007/4224 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 91%CPEs: 2EXPL: 1CVE-2007-5863 – Apple Mac OSX Software Update - Command Execution
https://notcve.org/view.php?id=CVE-2007-5863
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. Software Update en Apple Mac OS X 10.5.1 permite a atacantes remotos ejecutar comandos mediante un ataque de hombre-en-medio (man-in-the-middle o MITM) entre el cliente y el servidor, usando un archivo de definición de distribución modificado con la opción "allow-external-scripts". • https://www.exploit-db.com/exploits/16867 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/28136 http://securitytracker.com/id?1019106 http://www.securityfocus.com/archive/1/485237/100/0/threaded http://www.securityfocus.com/bid/26908 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vupen.com/english/advisories/2007/4238 https://exchange.xforce.ibmcloud • CWE-310: Cryptographic Issues •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6359 – Apple Mac OSX xnu 1228.0 - 'super_blob' Local kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6359
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. La función cs_validate_page en bsd/kern/ubc_subr.c en el kenerl xnu 1228.0 y anteriores en Apple Mac OS X 10.5.1 permite a usuarios locales provocar denegación de servicio (afirmación fallida y caida del sistema) a través de una firma manipulada binaria Mach-O quie provocar que la función de hash devuelva NULL. • https://www.exploit-db.com/exploits/4723 http://digit-labs.org/files/exploits/xnu-superblob-dos.c http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/28048 http://secunia.com/advisories/30430 http://www.securityfocus.com/bid/26840 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2007/4216 http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 17%CPEs: 8EXPL: 2CVE-2007-6276 – Apple Mac OSX 10.5.0 (Leopard) - vpnd Remote Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6276
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. La función accept_connections en el demonio de red privada virtual (vpnd) en Apple Mac OS X versiones 10.5 anteriores a 10.5.4, permite a los atacantes remotos causar una denegación de servicio (error de división por cero y bloqueo del demonio) por medio de un paquete de balance de carga diseñado para UDP puerto 4112. • https://www.exploit-db.com/exploits/4690 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/27938 http://secunia.com/advisories/30802 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/26699 http://www.securitytracker.com/id?1019052 http://www.vupen.com/english/advisories/2007/4145 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/38855 • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 2CVE-2007-6261 – Apple Mac OSX xnu 1228.0 - 'mach-o' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2007-6261
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. Desbordamiento de entero en la función load_threadstack en el cargador Mach-O (mach_loader.c) del núcleo xnu en Apple Mac OS X 10.4 hasta 10.5.1 permite a usuarios locales provocar una denegación de servicio (bucle infinito) mediante un binario Mach-O manipulado. • https://www.exploit-db.com/exploits/4689 http://secunia.com/advisories/27884 http://www.digit-labs.org/files/exploits/xnu-macho-dos.c http://www.securityfocus.com/bid/26700 http://www.vupen.com/english/advisories/2007/4095 https://exchange.xforce.ibmcloud.com/vulnerabilities/38854 • CWE-189: Numeric Errors •