Search Results (5636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4676 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
CVE-2007-4677 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
CVE-2007-4680 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
CVE-2007-4681 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
CVE-2007-4683 1 Apple 1 Mac Os X 2026-04-23 N/A
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
CVE-2007-4684 1 Apple 1 Mac Os X 2026-04-23 N/A
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
CVE-2007-4690 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
CVE-2007-4691 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
CVE-2007-4693 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
CVE-2007-4694 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
CVE-2007-4697 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
CVE-2007-4699 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-23 N/A
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
CVE-2007-4701 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
CVE-2007-4702 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
CVE-2007-4709 1 Apple 1 Mac Os X 2026-04-23 N/A
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
CVE-2007-4710 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
CVE-2007-5476 3 Adobe, Apple, Opera 3 Flash Player, Mac Os X, Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
CVE-2007-5856 1 Apple 1 Mac Os X 2026-04-23 N/A
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2007-5849 2 Apple, Easy Software Products 2 Mac Os X, Cups 2026-04-23 N/A
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
CVE-2006-4387 1 Apple 1 Mac Os X 2026-04-23 N/A
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.