Vulnerabilities > Apple > MAC OS X
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-19 | CVE-2007-4708 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X 10.4.11. Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | 9.3 |
2007-12-19 | CVE-2007-3876 | Buffer Errors vulnerability in Apple Mac OS X 10.4.11. Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. | 6.6 |
2007-12-18 | CVE-2007-5862 | Improper Authentication vulnerability in Apple Mac OS X. Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | 9.4 |
2007-12-15 | CVE-2007-6359 | Numeric Errors vulnerability in Apple Mac OS X 10.5.1. The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. | 4.9 |
2007-12-07 | CVE-2007-6276 | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server. The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. | 7.8 |
2007-12-06 | CVE-2007-6261 | Numeric Errors vulnerability in Apple Mac OS X 10.4/10.5.1. Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | 4.9 |
2007-12-06 | CVE-2007-5971 | Resource Management Errors vulnerability in MIT Kerberos 5. Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | 6.9 |
2007-12-06 | CVE-2007-5901 | Resource Management Errors vulnerability in MIT Kerberos 5. Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | 6.9 |
2007-11-29 | CVE-2007-6166 | Buffer Errors vulnerability in Apple QuickTime and Safari. Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. | 9.3 |
2007-11-29 | CVE-2007-6165 | Improper Input Validation vulnerability in Apple Mac OS X 10.5. Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. | 9.3 |