CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0059
https://notcve.org/view.php?id=CVE-2008-0059
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." Condiciones de carrera en NSXML de Foundation para Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto ejecutar código de su elección a través de un archivo XML manipulado, relacionado con "error handling logic (lógica de manipulación de error)". • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28367 http://www.securitytracker.com/id?1019650 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41296 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0056
https://notcve.org/view.php?id=CVE-2008-0056
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. Desbordamiento de búfer basado en pila en Foundation de Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto ejecutar código de su elección a través de "un nombre de ruta largo con una estructura inesperada" que dispara el desbordamiento en NSFileManager. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28357 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0045
https://notcve.org/view.php?id=CVE-2008-0045
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. Vulnerabilidad sin especificar de AFP Server en Apple Mac OS X 10.4.11, que permite a atacantes remotos evitar la identificación entre dominios (realm) a través de manipulaciones desconocidas sobre los nombres de dominio Kerberos principales. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28323 http://www.securitytracker.com/id?1019642 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41318 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0046
https://notcve.org/view.php?id=CVE-2008-0046
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. La Application Firewall en Apple Mac OS X 10.5.2 tiene una traducción al alemán incorrecta para el botón de radio "Permitir acceso para servicios y aplicaciones concretas" -Set access for specific services and applications- lo que puede provocar que el usuario crea que el botón sirve para restringir el acceso sólo a determinados servicios y aplicaciones; esto puede permitir a los atacantes evitar las restricciones de acceso pretendidas. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28368 http://www.securitytracker.com/id?1019658 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41317 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0050
https://notcve.org/view.php?id=CVE-2008-0050
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. CFNetwork en Apple Mac OS X versión 10.4.11, permite que los servidores proxy HTTPS remotos falsifiquen sitios web seguros por medio de datos en un error 502 Bad Gateway. • http://docs.info.apple.com/article.html?artnum=307562 http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://secunia.com/advisories/31074 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28356 http://www.securitytracker.com/id?1019655 http://www.us-cert.gov/cas/te • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •