Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-24 | CVE-2007-0744 | Multiple Security vulnerability in Apple Mac OS X 2007-004 SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | 7.2 |
| 2007-04-24 | CVE-2007-0743 | Multiple Security vulnerability in Apple Mac OS X 2007-004 URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process. | 4.9 |
| 2007-04-24 | CVE-2007-0742 | Multiple Security vulnerability in Apple Mac OS X 2007-004 The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. | 7.8 |
| 2007-04-24 | CVE-2007-0741 | Multiple Security vulnerability in Apple Mac OS X 2007-004 Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | 7.5 |
| 2007-04-24 | CVE-2007-0739 | Multiple Security vulnerability in Apple Mac OS X 2007-004 The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. | 4.6 |
| 2007-04-24 | CVE-2007-0738 | Multiple Security vulnerability in Apple Mac OS X 2007-004 The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | 4.6 |
| 2007-04-24 | CVE-2007-0737 | Multiple Security vulnerability in Apple Mac OS X 2007-004 The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. | 4.6 |
| 2007-04-24 | CVE-2007-0736 | Multiple Security vulnerability in Apple Mac OS X 2007-004 Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap. | 9.3 |
| 2007-04-24 | CVE-2007-0735 | Multiple Security vulnerability in Apple Mac OS X 2007-004 Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. | 9.3 |
| 2007-04-24 | CVE-2007-2175 | Unspecified vulnerability in Apple Safari Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | 7.6 |