Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-4682 6.8
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
09-02-2024 - 03:24 15-11-2007 - 01:46
CVE-2007-3749 7.2
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setui
09-02-2024 - 00:35 15-11-2007 - 01:46
CVE-2007-4268 7.2
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation
02-02-2024 - 02:35 15-11-2007 - 01:46
CVE-2007-2754 6.8
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
13-02-2023 - 02:17 17-05-2007 - 22:30
CVE-2007-4671 6.8
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that
09-08-2022 - 13:46 27-09-2007 - 22:17
CVE-2007-3760 4.3
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
09-08-2022 - 13:46 27-09-2007 - 22:17
CVE-2007-3758 4.3
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to c
09-08-2022 - 13:46 27-09-2007 - 22:17
CVE-2007-3756 4.3
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when t
09-08-2022 - 13:46 27-09-2007 - 21:17
CVE-2005-1260 5.0
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
13-11-2020 - 17:07 19-05-2005 - 04:00
CVE-2007-4743 10.0
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check th
21-01-2020 - 15:45 06-09-2007 - 22:17
CVE-2007-3999 10.0
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
21-01-2020 - 15:45 05-09-2007 - 10:17
CVE-2007-2926 4.3
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query i
30-10-2018 - 16:27 24-07-2007 - 17:30
CVE-2007-4679 2.6
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
26-10-2018 - 14:06 15-11-2007 - 01:46
CVE-2005-0953 3.7
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
19-10-2018 - 15:31 02-05-2005 - 04:00
CVE-2007-3456 9.3
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input vali
16-10-2018 - 16:49 11-07-2007 - 16:30
CVE-2007-1352 3.8
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. The vendor has addressed t
16-10-2018 - 16:38 06-04-2007 - 01:19
CVE-2007-1351 8.5
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflo
16-10-2018 - 16:38 06-04-2007 - 01:19
CVE-2007-4812 5.0
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string.
15-10-2018 - 21:38 11-09-2007 - 18:17
CVE-2007-4686 7.2
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.
15-10-2018 - 21:36 15-11-2007 - 01:46
CVE-2007-4684 6.9
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
15-10-2018 - 21:36 15-11-2007 - 01:46
CVE-2007-0464 5.0
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dere
11-10-2017 - 01:31 30-01-2007 - 17:28
CVE-2007-4701 2.1
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
29-07-2017 - 01:33 15-11-2007 - 02:46
CVE-2007-4694 4.3
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4689 10.0
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4693 7.2
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fi
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4700 7.5
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
29-07-2017 - 01:33 15-11-2007 - 02:46
CVE-2007-4692 4.3
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authenticat
29-07-2017 - 01:33 15-11-2007 - 00:46
CVE-2007-4680 6.8
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4699 7.5
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass in
29-07-2017 - 01:33 15-11-2007 - 02:46
CVE-2007-4691 10.0
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4685 7.2
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4678 7.1
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4698 4.3
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
29-07-2017 - 01:33 15-11-2007 - 00:46
CVE-2007-4695 4.3
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4688 5.0
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4697 6.8
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4690 9.0
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4687 9.3
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4683 4.6
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4681 6.9
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
29-07-2017 - 01:33 15-11-2007 - 01:46
CVE-2007-4269 7.2
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflo
29-07-2017 - 01:32 15-11-2007 - 01:46
CVE-2007-4267 7.2
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table. "By sending a maliciously crafted
29-07-2017 - 01:32 15-11-2007 - 01:46
CVE-2006-6127 2.1
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.
29-07-2017 - 01:29 27-11-2006 - 00:07
CVE-2007-4696 4.3
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
08-03-2011 - 02:59 15-11-2007 - 01:46
CVE-2007-0646 7.1
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled wh
07-03-2011 - 05:00 01-02-2007 - 00:28
Back to Top Mark selected
Back to Top