Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 141 of 157
CVE-2007-0731 | CRITICAL | CVSS 9.3 | v10.3.9, v10.4.1, +7 more | 2007-03-13
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
nvd
CVE-2007-0723 | HIGH | CVSS 8.5 | v10.3.9, v10.4, +8 more | 2007-03-13
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.
nvd
CVE-2007-0719 | MEDIUM | CVSS 6.8 | v10.3.9, v10.4, +8 more | 2007-03-13
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
nvd
CVE-2007-0728 | MEDIUM | CVSS 4.4 | v10.3.9, v10.4, +8 more | 2007-03-13
Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.
nvd
CVE-2007-0724 | MEDIUM | CVSS 6.9 | v10.3.9, v10.4, +8 more | 2007-03-13
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
nvd
CVE-2007-0726 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4, +8 more | 2007-03-13
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
nvd
CVE-2007-0721 | MEDIUM | CVSS 6.8 | v10.3.9, v10.4, +8 more | 2007-03-13
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
nvd
CVE-2007-0720 | MEDIUM | CVSS 5.0 | fixed in 10.4.9 | 2007-03-13
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
nvd
CVE-2007-0722 | MEDIUM | CVSS 6.8 | v10.3.9, v10.4, +8 more | 2007-03-13
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
nvd
CVE-2007-1071 | HIGH | CVSS 7.8 | PoC | v10.4.8 | 2007-02-22
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
nvd
CVE-2007-0647 | HIGH | CVSS 7.1 | PoC | v10.3.9 | 2007-02-01
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
nvd
CVE-2007-0646 | HIGH | CVSS 7.1 | PoC | CWE-134 | v10.3.9 | 2007-02-01
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
nvd
CVE-2007-0465 | HIGH | CVSS 7.6 | PoC | v10.4.8 | 2007-01-31
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
nvd
CVE-2007-0614 | HIGH | CVSS 7.8 | PoC | v10.4.8 | 2007-01-31
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
nvd
CVE-2007-0467 | MEDIUM | CVSS 6.2 | PoC | v10.4.8 | 2007-01-31
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
nvd
CVE-2007-0588 | HIGH | CVSS 7.1 | v10.4.8 | 2007-01-30
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overla
nvd
CVE-2007-0462 | CRITICAL | CVSS 10.0 | PoC | v10.4.8 | 2007-01-26
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
nvd
CVE-2007-0023 | MEDIUM | CVSS 6.9 | PoC | v10.4.8 | 2007-01-24
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
nvd
CVE-2007-0022 | HIGH | CVSS 7.2 | v10.4.8 | 2007-01-23
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.
nvd
CVE-2007-0430 | MEDIUM | CVSS 4.9 | PoC | ≤ 10.4.8 | 2007-01-23
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
nvd