VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2007-0751May 24, 2007
    risk 0.00cvss epss 0.00

    A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.

  • CVE-2007-0750May 24, 2007
    risk 0.00cvss epss 0.04

    Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.

  • CVE-2007-0742Apr 24, 2007
    risk 0.00cvss epss 0.03

    The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

  • CVE-2007-0741Apr 24, 2007
    risk 0.00cvss epss 0.06

    Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.

  • CVE-2007-0737Apr 24, 2007
    risk 0.00cvss epss 0.00

    The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.

  • CVE-2007-0735Apr 24, 2007
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions…

  • CVE-2007-0743Apr 24, 2007
    risk 0.00cvss epss 0.00

    URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.

  • CVE-2007-0738Apr 24, 2007
    risk 0.00cvss epss 0.00

    The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to…

  • CVE-2007-0736Apr 24, 2007
    risk 0.00cvss epss 0.05

    Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.

  • CVE-2007-0747Apr 24, 2007
    risk 0.00cvss epss 0.01

    load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.

  • CVE-2007-0739Apr 24, 2007
    risk 0.00cvss epss 0.00

    The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.

  • CVE-2007-0744Apr 24, 2007
    risk 0.00cvss epss 0.00

    SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.

  • CVE-2007-0725Apr 24, 2007
    risk 0.00cvss epss 0.00

    Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."

  • CVE-2007-0732Apr 24, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."

  • CVE-2007-0729Apr 24, 2007
    risk 0.00cvss epss 0.01

    Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.

  • CVE-2007-0734Apr 10, 2007
    risk 0.00cvss epss 0.01

    fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list…

  • CVE-2007-0726Mar 13, 2007
    risk 0.00cvss epss 0.04

    The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust…

  • CVE-2007-0721Mar 13, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.

  • CVE-2007-0728Mar 13, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.

  • CVE-2007-0731Mar 13, 2007
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.

Page 91 of 105