Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-03 | CVE-2007-2409 | Multiple Security vulnerability in Apple Mac OS X 2007-007: Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | 4.3 |
2007-08-03 | CVE-2007-2407 | Multiple Security vulnerability in Apple Mac OS X 2007-007: The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. | 4.0 |
2007-08-03 | CVE-2007-2406 | Multiple Security vulnerability in Apple Mac OS X 2007-007: Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. | 6.8 |
2007-08-03 | CVE-2007-2405 | Multiple Security vulnerability in Apple Mac OS X 2007-007: Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. | 6.8 |
2007-08-03 | CVE-2007-2404 | Multiple Security vulnerability in Apple Mac OS X 2007-007: CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. | 5.0 |
2007-08-03 | CVE-2007-2403 | Multiple Security vulnerability in Apple Mac OS X 2007-007: CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | 6.8 |
2007-07-27 | CVE-2007-4045 | The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | 5.0 |
2007-07-15 | CVE-2007-2402 | Information Exposure vulnerability in Apple Quicktime: QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. | 4.3 |
2007-06-25 | CVE-2007-2401 | Cross-site Scripting vulnerability in Apple mac OS X and mac OS X Server: CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. | 4.3 |
2007-06-25 | CVE-2007-2400 | Race Condition vulnerability in Apple Iphone OS and Safari: Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | 4.3 |