Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-17 | CVE-2007-0267 | Resource Management Errors vulnerability in multiple products: The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. | 6.6 |
2007-01-16 | CVE-2007-0236 | Buffer Errors vulnerability in Apple Mac OS X 10.4.8: Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | 10.0 |
2007-01-13 | CVE-2007-0229 | Numeric Errors vulnerability in multiple products: Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. | 7.2 |
2007-01-11 | CVE-2007-0197 | Improper Input Validation vulnerability in Apple Mac OS X 10.4.6/10.4.8: Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. | 6.8 |
2007-01-09 | CVE-2007-0117 | Local Privilege Escalation vulnerability in Apple DiskManagement Framework BOM: DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. | 10.0 |
2007-01-09 | CVE-2007-0102 | Improper Input Validation vulnerability in Apple Preview 3.0.8: The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with (1) a crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-05 | CVE-2007-0059 | Remote Security vulnerability in QuickTime Player: Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | 6.8 |
2007-01-01 | CVE-2007-0015 | Remote Buffer Overflow vulnerability in Apple QuickTime 7.1.3: Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | 6.8 |
2006-12-31 | CVE-2006-6906 | Local Security vulnerability in Mac OS X: Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. | 7.2 |
2006-12-31 | CVE-2006-6900 | Remote Security vulnerability in Apple Mac OS X 10.4: Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug." | 10.0 |