Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-1147 |
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Published: March 04, 2008; 6:44:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1148 |
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Published: March 04, 2008; 6:44:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-6427 |
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. Published: January 18, 2008; 6:00:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-6166 |
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. Published: November 28, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-4678 |
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-4680 |
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-4681 |
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-4691 |
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. Published: November 14, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-3750 |
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-3751 |
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-4672 |
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2007-4675 |
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-4676 |
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-4677 |
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. Published: November 07, 2007; 6:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-2403 |
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-2404 |
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-2407 |
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2007-2409 |
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-2410 |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-3745 |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. Published: August 03, 2007; 6:17:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |