Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4690

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Nov, 2007 | 01:00
Updated At-07 Aug, 2024 | 15:01
Rejected At-
Credits

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Nov, 2007 | 01:00
Updated At:07 Aug, 2024 | 15:01
Rejected At:
▼CVE Numbering Authority (CNA)

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/38477
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/26444
vdb-entry
x_refsource_BID
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
vendor-advisory
x_refsource_APPLE
http://docs.info.apple.com/article.html?artnum=307041
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3868
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1018949
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/27643
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
third-party-advisory
x_refsource_CERT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38477
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/26444
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://docs.info.apple.com/article.html?artnum=307041
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2007/3868
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1018949
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/27643
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Resource:
third-party-advisory
x_refsource_CERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/38477
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/26444
vdb-entry
x_refsource_BID
x_transferred
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://docs.info.apple.com/article.html?artnum=307041
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2007/3868
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1018949
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/27643
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38477
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26444
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://docs.info.apple.com/article.html?artnum=307041
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3868
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018949
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/27643
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Nov, 2007 | 01:46
Updated At:29 Jul, 2017 | 01:33

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Apple Inc.
apple
>>mac_os_x>>10.4.1
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.2
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.3
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.4
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.5
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.6
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.7
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.8
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.9
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.10
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.1
cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.2
cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.3
cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.4
cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.5
cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.6
cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.7
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.8
cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.9
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4.10
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://docs.info.apple.com/article.html?artnum=307041cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.htmlcve@mitre.org
Patch
http://secunia.com/advisories/27643cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/26444cve@mitre.org
N/A
http://www.securitytracker.com/id?1018949cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA07-319A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2007/3868cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/38477cve@mitre.org
N/A
Hyperlink: http://docs.info.apple.com/article.html?artnum=307041
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://secunia.com/advisories/27643
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/26444
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1018949
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/3868
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38477
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

82Records found
CVE-2007-0710
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.18% / 77.87%
||
7 Day CHG~0.00%
Published-16 Feb, 2007 | 19:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.

Action-Not Available
Vendor-n/aApple Inc.
Product-ichatmac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2008-2323
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.96% / 75.50%
||
7 Day CHG~0.00%
Published-04 Aug, 2008 | 01:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xdata_detectors_enginen/a
CWE ID-CWE-399
Not Available
CVE-2008-2332
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.43% / 89.78%
||
7 Day CHG~0.00%
Published-16 Sep, 2008 | 23:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2008-2325
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.83% / 89.11%
||
7 Day CHG~0.00%
Published-04 Aug, 2008 | 01:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."

Action-Not Available
Vendor-n/aApple Inc.
Product-quicklookmac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2008-1590
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.88% / 82.42%
||
7 Day CHG~0.00%
Published-14 Jul, 2008 | 18:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.

Action-Not Available
Vendor-webkitn/aApple Inc.
Product-iphone_osjavascriptcoreiphoneipod_touchn/a
CWE ID-CWE-399
Not Available
CVE-2008-1739
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 19:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-399
Not Available
CVE-2008-1575
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.47% / 90.69%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2008-1576
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.56% / 80.76%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2008-1024
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.58% / 85.00%
||
7 Day CHG~0.00%
Published-17 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-safariwindows_xpwindows_vistan/a
CWE ID-CWE-399
Not Available
CVE-2008-1582
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-11.11% / 93.19%
||
7 Day CHG~0.00%
Published-10 Jun, 2008 | 18:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-399
Not Available
CVE-2008-0729
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-9.13% / 92.35%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmobile_safariiphonen/a
CWE ID-CWE-399
Not Available
CVE-2007-6694
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.94%
||
7 Day CHG~0.00%
Published-29 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.
Product-powerpclinux_kerneln/a
CWE ID-CWE-399
Not Available
CVE-2008-0033
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-33.61% / 96.79%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 02:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-399
Not Available
CVE-2008-0031
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.76% / 85.46%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 01:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-399
Not Available
CVE-2008-0035
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-29.26% / 96.42%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 01:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osipod_touchsafarimac_os_xiphonen/a
CWE ID-CWE-399
Not Available
CVE-2008-0040
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.94% / 91.04%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-5901
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-06 Dec, 2007 | 02:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

Action-Not Available
Vendor-n/aApple Inc.MIT (Massachusetts Institute of Technology)
Product-kerberos_5mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-5861
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.75% / 72.19%
||
7 Day CHG~0.00%
Published-19 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-5859
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-19.89% / 95.24%
||
7 Day CHG~0.00%
Published-19 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarimac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-4710
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.77% / 89.04%
||
7 Day CHG~0.00%
Published-19 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-4689
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.35% / 90.60%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 01:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-3739
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.09% / 26.62%
||
7 Day CHG~0.00%
Published-14 Sep, 2007 | 01:00
Updated-07 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.
Product-powerpcenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-399
Not Available
CVE-2007-3185
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-12 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-399
Not Available
CVE-2007-3274
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.11%
||
7 Day CHG~0.00%
Published-19 Jun, 2007 | 21:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-safariwindows_xpn/a
CWE ID-CWE-399
Not Available
CVE-2007-0267
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.44% / 62.17%
||
7 Day CHG~0.00%
Published-17 Jan, 2007 | 00:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.

Action-Not Available
Vendor-n/aFreeBSD FoundationApple Inc.
Product-freebsdmac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2007-0197
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-53.85% / 97.91%
||
7 Day CHG~0.00%
Published-11 Jan, 2007 | 11:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2009-3272
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.44% / 88.62%
||
7 Day CHG~0.00%
Published-21 Sep, 2009 | 19:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-399
Not Available
CVE-2009-1692
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-4.00% / 87.97%
||
7 Day CHG~0.00%
Published-19 Jun, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafariipod_touchn/a
CWE ID-CWE-399
Not Available
CVE-2009-0188
Matching Score-6
Assigner-Flexera Software LLC
ShareView Details
Matching Score-6
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-9.03% / 92.30%
||
7 Day CHG~0.00%
Published-02 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-399
Not Available
CVE-2008-4231
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.66% / 91.54%
||
7 Day CHG~0.00%
Published-25 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafariipod_touchn/a
CWE ID-CWE-399
Not Available
CVE-2008-3629
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.37% / 79.45%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 16:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windows_vistawindows_xpwindows-ntmac_os_xquicktimemac_os_x_servern/a
CWE ID-CWE-399
Not Available
CVE-2009-1544
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-36.62% / 97.01%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 17:00
Updated-21 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpwindows_server_2008windows_vistan/a
CWE ID-CWE-415
Double Free
CWE ID-CWE-399
Not Available
  • Previous
  • 1
  • 2
  • Next
Details not found