Buffer overflow in Apple QuickTime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
Max CVSS
9.3
EPSS Score
75.91%
Published
2008-01-11
Updated
2018-10-15

CVE-2008-0226

Public exploit
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Max CVSS
7.5
EPSS Score
97.45%
Published
2008-01-10
Updated
2019-12-17
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
Max CVSS
6.8
EPSS Score
7.18%
Published
2008-01-16
Updated
2017-08-08
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
Max CVSS
6.8
EPSS Score
9.55%
Published
2008-01-16
Updated
2022-08-09
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
70.61%
Published
2008-01-16
Updated
2018-10-15
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
Max CVSS
5.8
EPSS Score
9.87%
Published
2008-01-16
Updated
2017-08-08
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
Max CVSS
5.8
EPSS Score
5.48%
Published
2008-01-16
Updated
2017-08-08
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Max CVSS
9.3
EPSS Score
0.71%
Published
2008-01-18
Updated
2020-11-20
8 vulnerabilities found