Vulnerabilities > Apple > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-02-08 CVE-2008-0043 Code Injection vulnerability in Apple iPhoto
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.
network
apple CWE-94
critical
9.3
2008-01-18 CVE-2007-6427 Out-Of-Bounds Write vulnerability in multiple products
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
9.3
2008-01-16 CVE-2008-0033 Resource Management Errors vulnerability in Apple QuickTime
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
network
apple CWE-399
critical
9.3
2008-01-11 CVE-2008-0234 Buffer Errors vulnerability in Apple QuickTime 7.3.1.70/7.4
Buffer overflow in Apple QuickTime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
network
apple CWE-119
critical
9.3
2007-12-19 CVE-2007-5863 Cryptographic Issues vulnerability in Apple Mac OS X and Mac OS X Server
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
network
apple CWE-310
critical
9.3
2007-12-19 CVE-2007-5859 Resource Management Errors vulnerability in Apple Safari
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
network
apple CWE-399
critical
9.3
2007-12-19 CVE-2007-5856 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5.1
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
network
low complexity
apple CWE-264
critical
9.4
2007-12-19 CVE-2007-5853 Multiple Security vulnerability in Apple Mac OS X 10.4.11
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
network
apple
critical
9.3
2007-12-19 CVE-2007-5849 Numeric Errors vulnerability in Easy Software Products CUPS
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
9.3
2007-12-19 CVE-2007-4710 Resource Management Errors vulnerability in Apple Mac OS X 10.4.11
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
network
apple CWE-399
critical
9.3