CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 0CVE-2007-3745
https://notcve.org/view.php?id=CVE-2007-3745
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. La interfaz Java para CoreAudio en Apple Mac OS X 10.3.9 y 10.4.10 contiene una interfaz no segura que es expuesta por JDirect, lo cual permite a atacantes remotos liberar memoria de su elección y por tanto ejecutar código arbitrario. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018492 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35725 •
CVSS: 5.8EPSS: 6%CPEs: 22EXPL: 0CVE-2007-3744
https://notcve.org/view.php?id=CVE-2007-3744
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de búfer en la región heap de la memoria en la implementación uPnP IGD (Internet Gateway Device Standardized Device Control Protocol) en mDNSResponder en Apple Mac OS X versión 10.4.10 anterior a 20070731, permite a atacantes remotos adyacentes a la red ejecutar código arbitrario por medio de un paquete diseñado. • http://docs.info.apple.com/article.html?artnum=306172 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=573 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://www.securityfocus.com/bid/25159 http://www.securitytracker.com/id?1018488 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35733 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-2403
https://notcve.org/view.php?id=CVE-2007-2403
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. CFNetwork en Apple Mac OS X 10.3.9 y 10.4.10 no valida adecuadamente URIs ftp:, lo cual permite a atacantes remotos provocar la transmisión de comandos FTP de su elección mediante servidores FTP de su elección. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018491 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35721 •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 0CVE-2007-2405
https://notcve.org/view.php?id=CVE-2007-2405
Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. Desbordamiento de entero en Preview de PDFKit en Apple Mac OS X 10.4.10 permite a atacantes remotos ejecutar código de su elección mediante un fichero PDF artesanal. • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35734 •
CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0CVE-2007-2404
https://notcve.org/view.php?id=CVE-2007-2404
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Vulnerabilidad de inyección de retornos de carro y saltos de línea en CFNetwork en Apple Mac OS X 10.3.9 y 10.4.10 versiones anteriores a 20070731 permite a atacantes remotos inyectar cabeceras HTML de su elección y conducir ataques de partición de respuesta HTTP mediante secuencias CRLF (retornos de carro y saltos de línea) en un contexto no especificado. NOTA: esto puede ser utilizado para ataques de secuencias de comandos en sitios cruzados (XSS). • http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://secunia.com/advisories/26235 http://securitytracker.com/id?1018491 http://www.securityfocus.com/bid/25159 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/35723 •