10.4.9

DATE	CVE	VULNERABILITY TITLE	RISK
2007-08-03	CVE-2007-3746	Multiple Security vulnerability in Apple Mac OS X 2007-007 The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. network apple	6.8
2007-08-03	CVE-2007-3744	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. low complexity apple CWE-119	5.8
2007-08-03	CVE-2007-2404	Multiple Security vulnerability in Apple Mac OS X 2007-007 CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. network low complexity apple	5.0
2007-07-16	CVE-2007-3798	Unchecked Return Value vulnerability in multiple products Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. network low complexity tcpdump canonical debian slackware freebsd apple CWE-252 critical	9.8
2007-06-25	CVE-2007-2401	Cross-site Scripting vulnerability in Apple mac OS X and mac OS X Server CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. network apple CWE-79	4.3
2007-06-25	CVE-2007-2399	Unspecified vulnerability in Apple mac OS X and mac OS X Server WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. network apple critical	9.3
2007-05-24	CVE-2007-0753	USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. local low complexity apple CWE-134	7.2
2007-05-24	CVE-2007-0751	Multiple Security vulnerability in Apple Mac OS X 2007-005 A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. local low complexity apple	2.1
2007-05-24	CVE-2007-0750	Multiple Security vulnerability in Apple Mac OS X 2007-005 Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. network apple critical	9.3
2007-05-02	CVE-2007-0745	Remote Security vulnerability in Apple mac OS X Server 10.4.9 The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. low complexity apple	7.1