Vulnerabilities > Apple > MAC OS X > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-07 | CVE-2007-4672 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple QuickTime. Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. | 7.6 |
2007-09-18 | CVE-2007-4938 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products. Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | 7.6 |
2007-06-12 | CVE-2007-3184 | Improper Authentication vulnerability in Apple Mac OS X. Cisco Trust Agent (CTA) before 2.1.104.0, when running on Mac OS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | 7.2 |
2007-06-06 | CVE-2007-3073 | Directory Traversal vulnerability in Firefox. Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | 7.8 |
2007-05-29 | CVE-2007-2389 | Information Disclosure vulnerability in Apple QuickTime 7.1.6. Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | 7.1 |
2007-05-24 | CVE-2007-0753 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server. Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | 7.2 |
2007-05-24 | CVE-2007-0752 | Multiple Security vulnerability in Apple Mac OS X 2007-005. The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | 7.2 |
2007-05-18 | CVE-2007-2682 | Unspecified vulnerability in Adobe Creative Suite 3.0. The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. | 7.5 |
2007-04-24 | CVE-2007-0747 | Multiple Security vulnerability in Apple Mac OS X 2007-004. load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | 7.2 |
2007-04-24 | CVE-2007-0744 | Multiple Security vulnerability in Apple Mac OS X 2007-004. SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | 7.2 |