Vulnerabilities > Apple > MAC OS X > 10.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-15 | CVE-2007-4687 | Configuration vulnerability in Apple mac OS X and mac OS X Server The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | 9.3 |
| 2007-11-15 | CVE-2007-4686 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | 7.2 |
| 2007-11-15 | CVE-2007-4685 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | 7.2 |
| 2007-11-15 | CVE-2007-4684 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. | 6.9 |
| 2007-11-15 | CVE-2007-4683 | Path Traversal vulnerability in Apple mac OS X Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | 4.6 |
| 2007-11-15 | CVE-2007-4681 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy. | 6.9 |
| 2007-11-15 | CVE-2007-4680 | Improper Authentication vulnerability in Apple mac OS X CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | 6.8 |
| 2007-11-15 | CVE-2007-4679 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. | 2.6 |
| 2007-11-15 | CVE-2007-4678 | Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008 AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. network apple | 7.1 |
| 2007-11-15 | CVE-2007-4269 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. | 7.2 |