Vulnerabilities > Apple > MAC OS X > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-11-15 | CVE-2007-4700 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. | 7.5 |
| 2007-11-15 | CVE-2007-4699 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | 7.5 |
| 2007-11-15 | CVE-2007-4693 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | 7.2 |
| 2007-11-15 | CVE-2007-4686 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | 7.2 |
| 2007-11-15 | CVE-2007-4685 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | 7.2 |
| 2007-11-15 | CVE-2007-4678 | Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008 AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. network apple | 7.1 |
| 2007-11-15 | CVE-2007-4269 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. | 7.2 |
| 2007-11-15 | CVE-2007-4268 | Incorrect Conversion between Numeric Types vulnerability in Apple mac OS X Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. | 7.8 |
| 2007-11-15 | CVE-2007-4267 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table. | 7.2 |
| 2007-11-15 | CVE-2007-3749 | Improper Initialization vulnerability in Apple mac OS X The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. | 7.8 |