Vulnerabilities > Apple > Mac OS X

DATE CVE VULNERABILITY TITLE RISK
2007-12-19 CVE-2007-5855 Improper Authentication vulnerability in Apple Mac OS X 10.4.11/10.5.1
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
network
low complexity
apple CWE-287
6.4
2007-12-19 CVE-2007-5854 Cross-Site Scripting vulnerability in Apple Mac OS X 10.4.11/10.5.1
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
network
apple CWE-79
4.3
2007-12-19 CVE-2007-5853 Multiple Security vulnerability in Apple Mac OS X 10.4.11
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
network
apple
critical
9.3
2007-12-19 CVE-2007-5851 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.4.11
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
local
low complexity
apple CWE-264
3.6
2007-12-19 CVE-2007-5850 Buffer Errors vulnerability in Apple Mac OS X 10.4.11
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
network
apple CWE-119
8.8
2007-12-19 CVE-2007-5849 Numeric Errors vulnerability in Easy Software Products CUPS
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
9.3
2007-12-19 CVE-2007-5848 Buffer Errors vulnerability in Apple Mac OS X 10.4.11
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
local
low complexity
apple CWE-119
7.2
2007-12-19 CVE-2007-5847 Race Condition vulnerability in Apple Mac OS X 10.4.11
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
local
low complexity
apple CWE-362
6.6
2007-12-19 CVE-2007-4710 Resource Management Errors vulnerability in Apple Mac OS X 10.4.11
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
network
apple CWE-399
critical
9.3
2007-12-19 CVE-2007-4709 Path Traversal vulnerability in Apple Mac OS X 10.5.1
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
network
apple CWE-22
8.8