Mac Os X@10.4.11 Security Vulnerabilities and Issues — Mac Os X@10.4.11 CVE List

Lucene search

AppleMac Os X10.4.11

13 matches found

CVE•added 2007/12/19 9:46 p.m.•61 views

CVE-2007-5848

Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.

7.2CVSS8.9AI score0.00271EPSS

CVE•added 2007/11/07 11:46 p.m.•52 views

CVE-2007-1661

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?...

6.4CVSS9.2AI score0.02716EPSS

CVE•added 2007/12/19 9:46 p.m.•50 views

CVE-2007-4710

Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.

9.3CVSS9.2AI score0.05499EPSS

CVE•added 2007/12/19 9:46 p.m.•47 views

CVE-2007-4708

Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.

9.3CVSS9.2AI score0.03425EPSS

CVE•added 2007/12/19 9:46 p.m.•45 views

CVE-2007-5853

Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.

9.3CVSS9.1AI score0.00837EPSS

CVE•added 2007/12/19 9:46 p.m.•43 views

CVE-2007-3876

Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.

6.6CVSS9.2AI score0.00221EPSS

CVE•added 2007/12/19 9:46 p.m.•43 views

CVE-2007-5850

Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.

8.8CVSS9.2AI score0.00757EPSS

CVE•added 2007/12/19 9:46 p.m.•40 views

CVE-2007-5851

iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

3.6CVSS8.5AI score0.00237EPSS

CVE•added 2007/12/19 9:46 p.m.•39 views

CVE-2007-5855

Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.

6.4CVSS8.9AI score0.00483EPSS

CVE•added 2007/12/18 8:46 p.m.•38 views

CVE-2007-5862

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

9.4CVSS6.8AI score0.00207EPSS

CVE•added 2007/12/19 9:46 p.m.•35 views

CVE-2007-5861

Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.

6.8CVSS9.2AI score0.00751EPSS

CVE•added 2007/12/19 9:46 p.m.•34 views

CVE-2007-5854

Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.

4.3CVSS7.7AI score0.00309EPSS

CVE•added 2007/12/19 9:46 p.m.•33 views

CVE-2007-5847

Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.

6.6CVSS8.1AI score0.00044EPSS