Vulnerabilities > Apple > Critical

DATE CVE VULNERABILITY TITLE RISK
2007-12-19 CVE-2007-4708 Use of Externally-Controlled Format String vulnerability in Apple Mac OS X 10.4.11
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
network
apple CWE-134
critical
9.3
2007-12-18 CVE-2007-5862 Improper Authentication vulnerability in Apple Mac OS X
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
network
low complexity
apple CWE-287
critical
9.4
2007-12-15 CVE-2007-4707 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple QuickTime
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
network
apple CWE-119
critical
9.3
2007-12-04 CVE-2007-6238 Remote vulnerability in Apple QuickTime 7.2
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166.
network
low complexity
apple
critical
10.0
2007-11-29 CVE-2007-6166 Buffer Errors vulnerability in Apple QuickTime and Safari
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
network
apple microsoft CWE-119
critical
9.3
2007-11-29 CVE-2007-6165 Improper Input Validation vulnerability in Apple Mac OS X 10.5
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.
network
apple CWE-20
critical
9.3
2007-11-15 CVE-2007-4704 Unspecified vulnerability in Apple Mac OS X 10.5
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
network
low complexity
apple
critical
10.0
2007-11-15 CVE-2007-4703 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
network
low complexity
apple
critical
10.0
2007-11-15 CVE-2007-4702 Unspecified vulnerability in Apple Mac OS X and Mac OS X Server
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
network
apple
critical
9.3
2007-11-15 CVE-2007-4691 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
network
low complexity
apple CWE-264
critical
10.0