Vulnerabilities > Apple > MAC OS X > Critical

DATE CVE VULNERABILITY TITLE RISK
2007-12-19 CVE-2007-5859 Resource Management Errors vulnerability in Apple Safari
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
network
apple CWE-399
critical
9.3
2007-12-19 CVE-2007-5856 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5.1
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
network
low complexity
apple CWE-264
critical
9.4
2007-12-19 CVE-2007-5853 Multiple Security vulnerability in Apple Mac OS X 10.4.11
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
network
apple
critical
9.3
2007-12-19 CVE-2007-5849 Numeric Errors vulnerability in Easy Software Products CUPS
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
9.3
2007-12-19 CVE-2007-4710 Resource Management Errors vulnerability in Apple Mac OS X 10.4.11
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
network
apple CWE-399
critical
9.3
2007-12-19 CVE-2007-4708 Use of Externally-Controlled Format String vulnerability in Apple Mac OS X 10.4.11
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
network
apple CWE-134
critical
9.3
2007-12-18 CVE-2007-5862 Improper Authentication vulnerability in Apple Mac OS X
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
network
low complexity
apple CWE-287
critical
9.4
2007-11-29 CVE-2007-6166 Buffer Errors vulnerability in Apple Quicktime and Safari
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
network
apple microsoft CWE-119
critical
9.3
2007-11-29 CVE-2007-6165 Improper Input Validation vulnerability in Apple Mac OS X 10.5
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.
network
apple CWE-20
critical
9.3
2007-11-15 CVE-2007-4704 Unspecified vulnerability in Apple Mac OS X 10.5
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
network
low complexity
apple
critical
10.0