Vulnerabilities > Apple > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-15 | CVE-2007-2396 | Code Execution vulnerability in Apple QuickTime The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | 9.3 |
| 2007-07-15 | CVE-2007-2394 | Code Execution vulnerability in Apple QuickTime Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. | 9.3 |
| 2007-07-15 | CVE-2007-2393 | Code Execution vulnerability in Apple QuickTime The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | 9.3 |
| 2007-07-15 | CVE-2007-2392 | Code Execution vulnerability in Apple QuickTime Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | 9.3 |
| 2007-06-25 | CVE-2007-3376 | Buffer Overflow vulnerability in Apple Safari 3.0.2 Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | 9.3 |
| 2007-06-25 | CVE-2007-2399 | Unspecified vulnerability in Apple mac OS X and mac OS X Server WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | 9.3 |
| 2007-06-12 | CVE-2007-3186 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | 9.3 |
| 2007-06-04 | CVE-2007-2387 | Remote Privilege Escalation vulnerability in Apple Xserve Lights-Out Management Firmware0 Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | 10.0 |
| 2007-05-29 | CVE-2007-2388 | Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime 7.1.6 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. | 9.3 |
| 2007-05-24 | CVE-2007-2390 | Multiple Security vulnerability in Apple mac OS X 10.3.9/10.4.9 Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | 10.0 |