DATE CVE VULNERABILITY TITLE RISK
2007-08-18 CVE-2007-4424 Remote Security vulnerability in Safari For Windows
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element.
network
apple
4.3
2007-08-03 CVE-2007-3743 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari 3.0.0B/3.0.1B
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
network
apple CWE-119
6.8
2007-08-03 CVE-2007-3742 Configuration vulnerability in Apple Safari 3.0.0B/3.0.1B
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
network
apple CWE-16
4.3
2007-08-03 CVE-2007-2408 Improper Input Validation vulnerability in Apple Safari 3.0.1/3.0.2
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.
network
apple CWE-20
6.8
2007-08-03 CVE-2007-3748 Multiple Security vulnerability in Apple Mac OS X 2007-007
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
5.4
2007-08-03 CVE-2007-3747 Multiple Security vulnerability in Apple Mac OS X 2007-007
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
network
apple
6.8
2007-08-03 CVE-2007-3746 Multiple Security vulnerability in Apple Mac OS X 2007-007
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
network
apple
6.8
2007-08-03 CVE-2007-3745 Multiple Security vulnerability in Apple Mac OS X 2007-007
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
network
apple
6.8
2007-08-03 CVE-2007-3744 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
low complexity
apple CWE-119
5.8
2007-08-03 CVE-2007-2410 Multiple Security vulnerability in Apple Mac OS X 2007-007
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
network
apple
4.3