Search Results (817 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0746 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
CVE-2007-0747 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-0752 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
CVE-2007-0753 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVE-2007-1071 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
CVE-2007-1661 2 Apple, Pcre 3 Mac Os X, Mac Os X Server, Perl-compatible Regular Expression Library 2026-04-23 N/A
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
CVE-2007-2399 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2026-04-23 N/A
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
CVE-2007-2401 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2026-04-23 N/A
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
CVE-2007-2404 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
CVE-2007-2406 1 Apple 3 Mac Os X, Mac Os X Server, Quartz Composer 2026-04-23 N/A
Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file.
CVE-2007-3745 1 Apple 3 Core Audio Technologies, Mac Os X, Mac Os X Server 2026-04-23 N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
CVE-2007-3746 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2026-04-23 N/A
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2007-3748 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2007-3798 7 Apple, Canonical, Debian and 4 more 8 Mac Os X, Mac Os X Server, Ubuntu Linux and 5 more 2026-04-23 9.8 Critical
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVE-2007-4680 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
CVE-2007-4685 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
CVE-2007-4687 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
CVE-2007-4688 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
CVE-2007-4695 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
CVE-2008-3643 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."