Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 139 of 157
CVE-2007-4688 | MEDIUM | CVSS 5.0 | v10.4.1, v10.4.2, +8 more | 2007-11-15
CVE-2007-4688 [MEDIUM] CWE-200: The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
nvd
CVE-2007-4694 | MEDIUM | CVSS 4.3 | v10.4.1, v10.4.2, +8 more | 2007-11-15
CVE-2007-4694 [MEDIUM] CWE-264: Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
nvd
CVE-2007-4696 | MEDIUM | CVSS 4.3 | v10.4.1, v10.4.2, +8 more | 2007-11-15
CVE-2007-4696 [MEDIUM] CWE-362: Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
nvd
CVE-2007-4697 | MEDIUM | CVSS 6.8 | v10.4.1, v10.4.2, +8 more | 2007-11-15
CVE-2007-4697 [MEDIUM]: Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
nvd
CVE-2007-4681 | MEDIUM | CVSS 6.9 | v10.3.9, v10.4, +11 more | 2007-11-15
CVE-2007-4681 [MEDIUM] CWE-119: Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
nvd
CVE-2007-4701 | LOW | CVSS 2.1 | v10.4.1, v10.4.2, +8 more | 2007-11-15
CVE-2007-4701 [LOW] CWE-264: WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
nvd
CVE-2007-4679 | LOW | CVSS 2.6 | ≥ 10.4, ≤ 10.4.10 | 2007-11-15
CVE-2007-4679 [LOW] CWE-264: CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
nvd
CVE-2007-3751 | CRITICAL | CVSS 9.3 | v10.3.9, v10.4.10, +1 more | 2007-11-07
CVE-2007-3751 [CRITICAL]: Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
nvd
CVE-2007-4675 | CRITICAL | CVSS 9.3 | v10.3.9, v10.4.10, +1 more | 2007-11-07
CVE-2007-4675 [CRITICAL] CWE-119: Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
nvd
CVE-2007-4676 | CRITICAL | CVSS 9.3 | v10.3.9, v10.4.10, +1 more | 2007-11-07
CVE-2007-4676 [CRITICAL] CWE-119: Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
nvd
CVE-2007-4677 | CRITICAL | CVSS 9.3 | v10.3.9, v10.4.10, +1 more | 2007-11-07
CVE-2007-4677 [CRITICAL] CWE-119: Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
nvd
CVE-2007-1661 | MEDIUM | CVSS 6.4 | v10.4.11 | 2007-11-07
CVE-2007-1661 [MEDIUM]: Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
nvd
CVE-2007-2404 | MEDIUM | CVSS 5.0 | v10.3, v10.3.1, +19 more | 2007-08-03
CVE-2007-2404 [MEDIUM]: CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
nvd
CVE-2007-3744 | MEDIUM | CVSS 5.8 | v10.4, v10.4.1, +9 more | 2007-08-03
CVE-2007-3744 [MEDIUM] CWE-119: Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
nvd
CVE-2007-3828 | CRITICAL | CVSS 10.0 | v10.4, v10.4.1, +9 more | 2007-07-17
CVE-2007-3828 [CRITICAL]: Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
nvd
CVE-2007-3798 | CRITICAL | CVSS 9.8 | PoC | ≥ 10.0.0, < 10.4.11 | 2007-07-16
CVE-2007-3798 [CRITICAL] CWE-252: Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
nvd
CVE-2007-2399 | CRITICAL | CVSS 9.3 | v10.3.9, v10.4.9 | 2007-06-25
CVE-2007-2399 [CRITICAL]: WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
nvd
CVE-2007-2401 | MEDIUM | CVSS 4.3 | PoC | v10.3.9, v10.4.9 | 2007-06-25
CVE-2007-2401 [MEDIUM] CWE-79: CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scriptin
nvd
CVE-2007-0750 | CRITICAL | CVSS 9.3 | v10.4, v10.4.1, +8 more | 2007-05-24
CVE-2007-0750 [CRITICAL]: Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
nvd
CVE-2007-2386 | CRITICAL | CVSS 9.4 | PoC | v10.4, v10.4.1, +7 more | 2007-05-24
CVE-2007-2386 [CRITICAL]: Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
nvd