U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
There are 2,144 matching records.
Displaying matches 2,061 through 2,080.
Vuln ID Summary CVSS Severity
CVE-2007-3748

Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.

Published: August 03, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2007-3828

Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.

Published: July 17, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Published: July 16, 2007; 6:30:00 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2007-3073

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

Published: June 06, 2007; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2388

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

Published: May 29, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2389

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

Published: May 29, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-0750

Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.

Published: May 24, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0751

A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.

Published: May 24, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-0752

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

Published: May 24, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-0753

Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.

Published: May 24, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-2386

Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

Published: May 24, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.4 HIGH
CVE-2007-0735

Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0736

Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0737

The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-0738

The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-0739

The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-0741

Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0743

URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-0744

SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-0746

Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH