Vulnerabilities > Apple > MAC OS X > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-21 | CVE-2007-1043 | Authentication Bypass vulnerability in Ezboo Webstats 3.0.3 Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | 7.5 |
2007-02-01 | CVE-2007-0647 | Products Format String vulnerability in Apple mac OS X 10.3.9 Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. network apple | 7.1 |
2007-02-01 | CVE-2007-0646 | USE of Externally-Controlled Format String vulnerability in Apple Imovie, mac OS X and Safari Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | 7.1 |
2007-01-31 | CVE-2007-0614 | Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and mac OS X The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. | 7.8 |
2007-01-31 | CVE-2007-0465 | Unspecified vulnerability in Apple Installer and mac OS X Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | 7.6 |
2007-01-30 | CVE-2007-0588 | Remote Memory Corruption vulnerability in Apple Mac OS X QuickDraw InternalUnpackBits The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. network apple | 7.1 |
2007-01-23 | CVE-2007-0022 | Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8 Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. | 7.2 |
2007-01-19 | CVE-2007-0355 | Buffer Errors vulnerability in Apple mac OS X and Minimal SLP Service Agent Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | 7.2 |
2007-01-18 | CVE-2007-0318 | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | 7.8 |
2007-01-17 | CVE-2007-0299 | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. network apple | 7.1 |