CVSS: 10.0EPSS: 5%CPEs: 8EXPL: 0CVE-2007-0748
https://notcve.org/view.php?id=CVE-2007-0748
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. Desbordamiento de búfer basado en montículo en Apple Darwin Streaming Proxy, cuando utiliza Darwin Streaming Server versiones anteriores a 5.5.5, permite a atacantes remotos ejecutar código de su elección mediante múltiples valores trackID en una petición SETUP RTSP. • http://docs.info.apple.com/article.html?artnum=305495 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533 http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html http://osvdb.org/35975 http://secunia.com/advisories/25193 http://www.securityfocus.com/bid/23918 http://www.securitytracker.com/id?1018047 http://www.vupen.com/english/advisories/2007/1770 https://exchange.xforce.ibmcloud.com/vulnerabilities/34225 •
CVSS: 10.0EPSS: 4%CPEs: 8EXPL: 0CVE-2007-0749
https://notcve.org/view.php?id=CVE-2007-0749
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. Múltiples desbordamientos de búfer basado en pila en la función is_command en proxy.c en Apple Darwin Streaming Proxy, cuando se utiliza en Darwin Streaming Server anterior a 5.5.5, permite a atacantes remotos ejecutar código de su elección a través de un valor (1)cmd largo o (2)server en una respuesta RTSP. • http://docs.info.apple.com/article.html?artnum=305495 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=533 http://lists.apple.com/archives/Security-announce/2007/May/msg00002.html http://osvdb.org/35976 http://secunia.com/advisories/25193 http://www.securityfocus.com/bid/23918 http://www.securitytracker.com/id?1018047 http://www.vupen.com/english/advisories/2007/1770 https://exchange.xforce.ibmcloud.com/vulnerabilities/34222 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0745
https://notcve.org/view.php?id=CVE-2007-0745
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. El Apple Security Update 2007-004 utiliza un archivo de configuración incorrecta para TPServer en Apple Mac OS X Server 10.4.9, lo cual podría permitir a usuario validados acceder a directorios adicionales. • http://lists.apple.com/archives/security-announce/2007/May/msg00000.html http://www.osvdb.org/34869 http://www.securitytracker.com/id?1017990 https://exchange.xforce.ibmcloud.com/vulnerabilities/34001 •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2007-0735
https://notcve.org/view.php?id=CVE-2007-0735
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. Vulnerabilidad de uso después de la liberación (Use-After-Free) en Libinfo en Apple Mac OS X 10.3.9 hasta la 10.4.9 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de vectores no especificados afectadndo a páginas web manipuladas que disparán ciertas condiciones de error que no son informadas ed forma adecuada bajo ciertas circustancias, desembocando en un acceso a memoria no asignada. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.osvdb.org/34860 http://www.securityfocus.com/bid/23569 http://www.securitytracker.com/id?1017942 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •
CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0CVE-2007-0744
https://notcve.org/view.php?id=CVE-2007-0744
SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. SMB en Apple Mac OS X 10.3.9 hasta la 10.4.9 no limpia de forma adecuada el entorno cuando se ejecutar comandos, lo cual permite a usuarios locales ganar privilegios a través de la configuración de variables de entorno no especificadas. • http://docs.info.apple.com/article.html?artnum=305391 http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html http://secunia.com/advisories/24966 http://www.osvdb.org/34868 http://www.securityfocus.com/bid/23569 http://www.us-cert.gov/cas/techalerts/TA07-109A.html http://www.vupen.com/english/advisories/2007/1470 •