Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-03-05 | CVE-2007-0717 | Code Execution vulnerability in Apple QuickTime | Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | 5.8 |
2007-03-05 | CVE-2007-0716 | Code Execution vulnerability in Apple QuickTime | Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | 5.8 |
2007-03-05 | CVE-2007-0715 | Code Execution vulnerability in Apple QuickTime | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. | 5.8 |
2007-03-05 | CVE-2007-0713 | Code Execution vulnerability in Apple QuickTime | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. | 5.8 |
2007-02-01 | CVE-2007-0645 | Products Format String vulnerability in Apple iPhoto 6.0.5 | Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. | 6.8 |
2007-01-31 | CVE-2007-0613 | Remote Denial of Service vulnerability in Apple iChat, InstantMessage Framework and mDNSResponder | The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. | 5.0 |
2007-01-31 | CVE-2007-0467 | Denial-Of-Service vulnerability in Apple Mac OS X 10.4.8 | crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. | 6.2 |
2007-01-30 | CVE-2007-0464 | Buffer Errors vulnerability in CFNetwork 129.19 | The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | 5.0 |
2007-01-29 | CVE-2007-0463 | Unspecified vulnerability in Apple Software Update 2.0.5 | Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. | 5.0 |
2007-01-25 | CVE-2007-0478 | Cross-Site Scripting vulnerability in Apple Safari and WebCore | WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. | 4.3 |