Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
CVE-2007-4689 | CRITICAL | CVSS 10.0 | CWE-399 | v10.4.1, v10.4.2, +8 more | 2007-11-15
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
nvd
CVE-2007-4702 | CRITICAL | CVSS 9.3 | v10.5 | 2007-11-15
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
nvd
CVE-2007-4704 | CRITICAL | CVSS 10.0 | v10.5 | 2007-11-15
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
nvd
CVE-2007-4690 | CRITICAL | CVSS 9.0 | CWE-399 | v10.4.1, v10.4.2, +8 more | 2007-11-15
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
nvd
CVE-2007-4703 | CRITICAL | CVSS 10.0 | v10.5 | 2007-11-15
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
nvd
CVE-2007-4687 | CRITICAL | CVSS 9.3 | CWE-16 | v10.4.1, v10.4.2, +8 more | 2007-11-15
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
nvd
CVE-2007-4686 | HIGH | CVSS 7.2 | CWE-189 | v10.4.1, v10.4.2, +8 more | 2007-11-15
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.
nvd
CVE-2007-3749 | HIGH | CVSS 7.8 | CWE-665 | ≥ 10.4.0, ≤ 10.4.10 | 2007-11-15
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.
nvd
CVE-2007-4685 | HIGH | CVSS 7.2 | CWE-264 | v10.4.1, v10.4.2, +8 more | 2007-11-15
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
nvd
CVE-2007-4268 | HIGH | CVSS 7.8 | CWE-681 | ≥ 10.4.0, ≤ 10.4.10 | 2007-11-15
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.
nvd
CVE-2007-4269 | HIGH | CVSS 7.2 | CWE-189 | v10.4, v10.4.1, +9 more | 2007-11-15
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.
nvd
CVE-2007-4693 | HIGH | CVSS 7.2 | CWE-287 | v10.4.1, v10.4.2, +8 more | 2007-11-15
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
nvd
CVE-2007-4678 | HIGH | CVSS 7.1 | v10.3.9, v10.4, +10 more | 2007-11-15
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
nvd
CVE-2007-4267 | HIGH | CVSS 7.2 | CWE-119 | v10.4, v10.4.1, +9 more | 2007-11-15
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.
nvd
CVE-2007-4700 | HIGH | CVSS 7.5 | CWE-264 | v10.4.1, v10.4.2, +8 more | 2007-11-15
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
nvd
CVE-2007-4684 | MEDIUM | CVSS 6.9 | PoC | CWE-119 | v10.4, v10.4.1, +9 more | 2007-11-15
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
nvd
CVE-2007-4682 | MEDIUM | CVSS 6.8 | CWE-824 | ≥ 10.4, ≤ 10.4.10 | 2007-11-15
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
nvd
CVE-2007-4683 | MEDIUM | CVSS 4.6 | CWE-22 | v10.4, v10.4.0, +10 more | 2007-11-15
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
nvd
CVE-2007-4680 | MEDIUM | CVSS 6.8 | CWE-287 | v10.4.1, v10.4.2, +7 more | 2007-11-15
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
nvd
CVE-2007-4695 | MEDIUM | CVSS 4.3 | CWE-20 | v10.4.1, v10.4.2, +8 more | 2007-11-15
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
nvd