Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.4.6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-4685 |
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-4686 |
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-4687 |
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-4688 |
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-4689 |
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-4690 |
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-4691 |
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-4693 |
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-4694 |
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4695 |
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4696 |
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4697 |
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-4692 |
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. Published: November 14, 2007; 7:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-3758 |
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Published: September 27, 2007; 6:17:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-3760 |
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Published: September 27, 2007; 6:17:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4671 |
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Published: September 27, 2007; 6:17:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-3756 |
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. Published: September 27, 2007; 5:17:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-2404 |
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-3744 |
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2007-3746 |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |