CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4678
https://notcve.org/view.php?id=CVE-2007-4678
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. AppleRAID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.10 permite a atacantes provocar una denegación de servicio (caída) mediante una imagen de disco dañada por manipulación, lo cual provoca una referencia a un puntero nulo cuando es montada. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38461 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4679
https://notcve.org/view.php?id=CVE-2007-4679
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. CFFTP en CFNetwork para Apple Mac OS X 10.4 hasta 10.4.10 permite a servidores FTP remotos forzar a los clientes a conectarse a otro anfitrión mediante respuestas manipuladas a comandos FTP PASV. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38462 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4682
https://notcve.org/view.php?id=CVE-2007-4682
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. CoreText de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección mediante contenido textual manipulado que dispara un acceso de un puntero a objeto no inicializado. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.kb.cert.org/vuls/id/498105 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38465 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3749
https://notcve.org/view.php?id=CVE-2007-3749
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. El kernel en Apple Mac OS X versiones 10.4 hasta 10.4.10, no restablece el actual Puerto del Subproceso (Hilo) Mach o Puerto de Excepción de Subproceso (Hilo) cuando se ejecuta un programa setuid, lo que permite a usuarios locales ejecutar código arbitrario mediante la creación del puerto antes de iniciar el programa setuid, luego escribiendo en el espacio de direcciones del proceso setuid. • http://docs.info.apple.com/article.html?artnum=307041 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38466 • CWE-665: Improper Initialization •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2007-4267
https://notcve.org/view.php?id=CVE-2007-4267
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table. Un desbordamiento de búfer en la región stack de la memoria en el componente Networking en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales ejecutar código arbitrario por medio de una petición IOCTL diseñada que agrega una zona de AppleTalk en una tabla de enrutamiento. • http://docs.info.apple.com/article.html?artnum=307041 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=627 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38475 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •