Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-01 | CVE-2007-0646 | USE of Externally-Controlled Format String vulnerability in Apple Imovie, mac OS X and Safari Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | 7.1 |
2007-02-01 | CVE-2007-0645 | Products Format String vulnerability in Apple Iphoto 6.0.5 Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. network apple | 6.8 |
2007-02-01 | CVE-2007-0644 | Products Format String vulnerability in Apple Safari 2.0.4419.3 Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. network apple | 7.1 |
2007-01-31 | CVE-2007-0614 | Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and mac OS X The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. | 7.8 |
2007-01-31 | CVE-2007-0613 | Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and Mdnsresponder The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. | 5.0 |
2007-01-31 | CVE-2007-0467 | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. | 6.2 |
2007-01-31 | CVE-2007-0465 | Unspecified vulnerability in Apple Installer and mac OS X Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | 7.6 |
2007-01-30 | CVE-2007-0588 | Remote Memory Corruption vulnerability in Apple Mac OS X QuickDraw InternalUnpackBits The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. network apple | 7.1 |
2007-01-30 | CVE-2007-0464 | Buffer Errors vulnerability in Cfnetwork 129.19 The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | 5.0 |
2007-01-29 | CVE-2007-0463 | Unspecified vulnerability in Apple Software Update 2.0.5 Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. | 5.0 |