CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4686
https://notcve.org/view.php?id=CVE-2007-4686
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. Un error en la propiedad signedness de enteros en la función ttioctl en el archivo bsd/kern/tty.c en el Kernel xnu en Apple Mac OS X versiones 10.4 hasta 10.4.10, permite a usuarios locales causar una denegación de servicio (apagado del sistema) o alcanzar privilegios por medio de una petición ioctl TIOCSETD diseñada. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/archive/1/483753/100/200/threaded http://www.securityfocus.com/bid/26444 http://www.trapkit.de/advisories/TKADV2007-001.txt http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xfor • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 23EXPL: 0CVE-2007-4678
https://notcve.org/view.php?id=CVE-2007-4678
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. AppleRAID en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.10 permite a atacantes provocar una denegación de servicio (caída) mediante una imagen de disco dañada por manipulación, lo cual provoca una referencia a un puntero nulo cuando es montada. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38461 •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2007-4680
https://notcve.org/view.php?id=CVE-2007-4680
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. CFNetwork de Apple Mac OS X 10.3.9 Y 10.4 hasta 10.4.10 no valida adecuadamente los certificados, lo cual permite a atacantes remotos falsificar certificados SSL confiables mediante un ataque de hombre en medio (man-in-the-middle). • http://docs.info.apple.com/article.html?artnum=307041 http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforc • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4687
https://notcve.org/view.php?id=CVE-2007-4687
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. El componente remote_cmds de Apple Mac OS X 10.4 hasta 10.4.10 contiene un enlace simbólico desde el directorio privado tftpboot al directorio root, lo cual permite a usuarios tftpd escapar del directorio privado y acceder a archivos de su elección. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38471 • CWE-16: Configuration •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2007-4688
https://notcve.org/view.php?id=CVE-2007-4688
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. El componente de Red de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos obtener todas las direcciones de un host, incluyendo direcciones enlazadas locales, mediante una Consulta de Información de Nodo. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/27643 http://securitytracker.com/id?1018950 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com/vulnerabilities/38472 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •