Vulnerabilities > Apple > MAC OS X > 10.4.3

DATE CVE VULNERABILITY TITLE RISK
2007-07-16 CVE-2007-3798 Unchecked Return Value vulnerability in multiple products
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
network
low complexity
tcpdump canonical debian slackware freebsd apple CWE-252
critical
 9.8
9.8
2007-06-06 CVE-2007-3073 Directory Traversal vulnerability in Firefox
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
network
low complexity
apple unix mozilla
7.8
7.8
2007-05-29 CVE-2007-2389 Information Disclosure vulnerability in Apple Quicktime 7.1.6
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
network
apple microsoft
7.1
7.1
2007-05-29 CVE-2007-2388 Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime 7.1.6
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
network
apple microsoft CWE-264
critical
 9.3
9.3
2007-05-24 CVE-2007-2386 Multiple Security vulnerability in Apple Mac OS X 2007-005
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
network
low complexity
apple
critical
 9.4
9.4
2007-05-24 CVE-2007-0753 USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
local
low complexity
apple CWE-134
7.2
7.2
2007-05-24 CVE-2007-0751 Multiple Security vulnerability in Apple Mac OS X 2007-005
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
local
low complexity
apple
2.1
2.1
2007-05-24 CVE-2007-0750 Multiple Security vulnerability in Apple Mac OS X 2007-005
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
network
apple
critical
 9.3
9.3
2007-04-24 CVE-2007-0747 Multiple Security vulnerability in Apple Mac OS X 2007-004
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
local
low complexity
apple
7.2
7.2
2007-04-24 CVE-2007-0746 Multiple Security vulnerability in Apple Mac OS X 2007-004
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
network
low complexity
apple
critical
 10.0
10