Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-06-06 | CVE-2007-3073 | Directory Traversal vulnerability in Firefox | Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | 7.8 |
2007-06-04 | CVE-2007-2387 | Remote Privilege Escalation vulnerability in Apple Xserve Lights-Out Management Firmware0 | Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | 10.0 |
2007-05-29 | CVE-2007-2389 | Information Disclosure vulnerability in Apple QuickTime 7.1.6 | Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | 7.1 |
2007-05-29 | CVE-2007-2388 | Permissions, Privileges, and Access Controls vulnerability in Apple QuickTime 7.1.6 | Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. | 9.3 |
2007-05-24 | CVE-2007-2390 | Multiple Security vulnerability in Apple Mac OS X 10.3.9/10.4.9 | Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | 10.0 |
2007-05-24 | CVE-2007-2386 | Multiple Security vulnerability in Apple Mac OS X 2007-005 | Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | 9.4 |
2007-05-24 | CVE-2007-0753 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server | Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | 7.2 |
2007-05-24 | CVE-2007-0752 | Multiple Security vulnerability in Apple Mac OS X 2007-005 | The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | 7.2 |
2007-05-24 | CVE-2007-0751 | Multiple Security vulnerability in Apple Mac OS X 2007-005 | A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | 2.1 |
2007-05-24 | CVE-2007-0750 | Multiple Security vulnerability in Apple Mac OS X 2007-005 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. | 9.3 |