Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4690 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 9.0 HIGH N/A
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
CVE-2007-4691 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 10.0 HIGH N/A
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
CVE-2007-4707 1 Apple 1 Quicktime 2017-07-28 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
CVE-2007-4678 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 7.1 HIGH N/A
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
CVE-2007-4680 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 6.8 MEDIUM N/A
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
CVE-2007-4673 1 Apple 1 Quicktime 2017-07-28 9.3 HIGH N/A
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
CVE-2007-4692 2 Apple, Microsoft 4 Mac Os X, Mac Os X Server, Safari and 1 more 2017-07-28 4.3 MEDIUM N/A
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
CVE-2007-4693 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 7.2 HIGH N/A
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
CVE-2007-4694 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 4.3 MEDIUM N/A
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
CVE-2007-4695 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 4.3 MEDIUM N/A
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
CVE-2007-4697 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 6.8 MEDIUM N/A
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
CVE-2007-4699 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2017-07-28 7.5 HIGH N/A
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
CVE-2007-4698 1 Apple 1 Safari 2017-07-28 4.3 MEDIUM N/A
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
CVE-2007-4700 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 7.5 HIGH N/A
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
CVE-2007-4701 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 2.1 LOW N/A
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
CVE-2007-4702 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 9.3 HIGH N/A
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
CVE-2007-4703 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 10.0 HIGH N/A
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
CVE-2007-4704 1 Apple 1 Mac Os X 2017-07-28 10.0 HIGH N/A
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
CVE-2007-4706 1 Apple 1 Quicktime 2017-07-28 6.8 MEDIUM N/A
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
CVE-2007-4709 1 Apple 1 Mac Os X 2017-07-28 8.8 HIGH N/A
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.