Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-25 | CVE-2007-0478 | Cross-Site Scripting vulnerability in Apple Safari and Webcore WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. | 4.3 |
| 2007-01-24 | CVE-2007-0023 | Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8 The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. local apple | 6.9 |
| 2007-01-23 | CVE-2007-0430 | Denial-Of-Service vulnerability in Mac OS X The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | 4.9 |
| 2007-01-23 | CVE-2007-0022 | Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8 Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. | 7.2 |
| 2007-01-23 | CVE-2007-0021 | Remote Format String vulnerability in Apple Ichat 3.1.6 Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | 7.5 |
| 2007-01-19 | CVE-2007-0355 | Buffer Errors vulnerability in Apple mac OS X and Minimal SLP Service Agent Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | 7.2 |
| 2007-01-18 | CVE-2007-0345 | Local Security vulnerability in Apple mac OS X 10.4.8 The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | 6.8 |
| 2007-01-18 | CVE-2007-0342 | Resource Management Errors vulnerability in multiple products WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. | 4.3 |
| 2007-01-18 | CVE-2007-0318 | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | 7.8 |
| 2007-01-17 | CVE-2007-0299 | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. network apple | 7.1 |