VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2007-4696 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.01

    Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

  • CVE-2007-4687 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.

  • CVE-2007-4690 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.04

    Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

  • CVE-2007-4694 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

  • CVE-2007-4683 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.

  • CVE-2007-4682 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.03

    CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.

  • CVE-2007-4685 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

  • CVE-2007-4269 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

  • CVE-2007-4678 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

  • CVE-2007-4688 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

  • CVE-2007-1661 (Nov 7, 2007)
    risk 0.00 | cvss | epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as…

  • CVE-2007-2407 (Aug 3, 2007)
    risk 0.00 | cvss | epss 0.03

    The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.

  • CVE-2007-2405 (Aug 3, 2007)
    risk 0.00 | cvss | epss 0.03

    Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2007-3745 (Aug 3, 2007)
    risk 0.00 | cvss | epss 0.03

    The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.

  • CVE-2007-3747 (Aug 3, 2007)
    risk 0.00 | cvss | epss 0.03

    The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.

  • CVE-2007-2404 (Aug 3, 2007)
    risk 0.00 | cvss | epss 0.01

    CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for…

  • CVE-2007-3746 (Aug 3, 2007)
    risk 0.00 | cvss | epss 0.03

    The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.

  • CVE-2007-3828 (Jul 17, 2007)
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.

  • CVE-2007-3184 (Jun 12, 2007)
    risk 0.00 | cvss | epss 0.01

    Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification…

  • CVE-2007-0740 (May 24, 2007)
    risk 0.00 | cvss | epss 0.01

    Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.
