CVEdetails.com the ultimate security vulnerability data source

Apple : Security Vulnerabilities Published In 2007 (Denial Of Service)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2007-6359 189 DoS 2007-12-14 2008-09-05
4.9
None Local Low Not required None None Complete
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
2 CVE-2007-6276 189 1 DoS 2007-12-07 2011-07-18
7.8
None Remote Low Not required None None Complete
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
3 CVE-2007-6261 189 DoS Overflow 2007-12-05 2008-09-05
4.9
None Local Low Not required None None Complete
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
4 CVE-2007-5861 399 DoS Exec Code Mem. Corr. 2007-12-19 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
5 CVE-2007-5859 399 DoS Exec Code Mem. Corr. 2007-12-19 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
6 CVE-2007-5853 DoS Exec Code Mem. Corr. 2007-12-19 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
7 CVE-2007-5450 119 1 DoS Overflow 2007-10-14 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
8 CVE-2007-4812 119 DoS Overflow 2007-09-11 2009-02-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
9 CVE-2007-4710 399 DoS Exec Code Mem. Corr. 2007-12-19 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
10 CVE-2007-4697 DoS Exec Code Mem. Corr. 2007-11-14 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
11 CVE-2007-4689 399 DoS Exec Code 2007-11-14 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
12 CVE-2007-4686 189 DoS +Priv 2007-11-14 2011-06-20
7.2
None Local Low Not required Complete Complete Complete
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.
13 CVE-2007-4682 119 DoS Exec Code Overflow 2007-11-14 2013-01-03
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
14 CVE-2007-4681 119 DoS Exec Code Overflow 2007-11-14 2013-01-03
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
15 CVE-2007-4678 DoS 2007-11-14 2010-07-07
7.1
None Remote Medium Not required None None Complete
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
16 CVE-2007-3753 20 DoS Exec Code 2007-09-27 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.
17 CVE-2007-3752 119 DoS Exec Code Overflow 2007-09-06 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
18 CVE-2007-3743 119 DoS Exec Code Overflow 2007-08-03 2012-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
19 CVE-2007-3376 DoS Exec Code Overflow 2007-06-25 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
20 CVE-2007-3284 DoS 2007-06-19 2012-10-30
7.8
None Remote Low Not required None None Complete
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
21 CVE-2007-3274 399 DoS 2007-06-19 2013-10-07
4.3
None Remote Medium Not required None None Partial
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.
22 CVE-2007-3187 DoS Exec Code Mem. Corr. 2007-06-12 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
23 CVE-2007-3185 399 DoS Mem. Corr. 2007-06-12 2008-11-15
7.8
None Remote Low Not required None None Complete
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
24 CVE-2007-2390 DoS Exec Code Overflow 2007-05-24 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
25 CVE-2007-2386 DoS Exec Code Overflow 2007-05-24 2008-09-05
9.4
None Remote Low Not required Complete None Complete
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
26 CVE-2007-2163 DoS 2007-04-22 2008-09-05
5.0
None Remote Low Not required None None Partial
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
27 CVE-2007-1863 DoS 2007-06-27 2012-10-30
5.0
None Remote Low Not required None None Partial
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
28 CVE-2007-1661 DoS +Info 2007-11-07 2013-08-19
6.4
None Remote Low Not required Partial None Partial
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
29 CVE-2007-1071 DoS Exec Code Overflow 2007-02-22 2008-09-05
7.8
None Remote Low Not required None None Complete
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
30 CVE-2007-1008 DoS Mem. Corr. 2007-02-19 2013-11-02
2.6
None Remote High Not required None None Partial
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
31 CVE-2007-0751 DoS 2007-05-24 2008-09-05
2.1
None Local Low Not required None None Partial
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
32 CVE-2007-0750 DoS Exec Code Overflow 2007-05-24 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
33 CVE-2007-0735 DoS Exec Code 2007-04-24 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
34 CVE-2007-0733 DoS Exec Code Mem. Corr. 2007-03-13 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
35 CVE-2007-0726 DoS 2007-03-13 2008-09-05
5.0
None Remote Low Not required None None Partial
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
36 CVE-2007-0718 119 DoS Exec Code Overflow Mem. Corr. 2007-03-05 2011-10-18
5.8
None Remote Medium Not required None Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
37 CVE-2007-0717 DoS Exec Code Overflow 2007-03-05 2008-11-13
5.8
None Remote Medium Not required None Partial Partial
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
38 CVE-2007-0716 DoS Exec Code Overflow 2007-03-05 2008-11-13
5.8
None Remote Medium Not required None Partial Partial
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
39 CVE-2007-0715 DoS Exec Code Overflow 2007-03-05 2008-11-13
5.8
None Remote Medium Not required None Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
40 CVE-2007-0714 189 DoS Exec Code Overflow 2007-03-05 2009-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
41 CVE-2007-0713 DoS Exec Code Overflow 2007-03-05 2008-09-05
5.8
None Remote Medium Not required None Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
42 CVE-2007-0712 119 DoS Exec Code Overflow 2007-03-05 2009-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
43 CVE-2007-0711 189 DoS Exec Code Overflow 2007-03-05 2009-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
44 CVE-2007-0710 399 DoS 2007-02-16 2008-09-05
2.1
None Local Low Not required None None Partial
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
45 CVE-2007-0647 DoS 2007-01-31 2008-09-05
7.1
None Remote Medium Not required None None Complete
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
46 CVE-2007-0646 134 DoS 2007-01-31 2008-09-05
7.1
None Remote Medium Not required None None Complete
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
47 CVE-2007-0645 DoS 2007-01-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.
48 CVE-2007-0644 DoS 2007-01-31 2008-09-05
7.1
None Remote Medium Not required None None Complete
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
49 CVE-2007-0614 DoS 2007-01-31 2008-09-05
7.8
None Remote Low Not required None None Complete
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
50 CVE-2007-0613 DoS 2007-01-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.
Total number of vulnerabilities: 63. Page 1 of 2 (this page).