CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2308
https://notcve.org/view.php?id=CVE-2008-2308
01 Jul 2008 — Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Vulnerabilidad sin especificar en Alias Manager en Apple Mac OS X 10.5.1 y versiones anteriores sobre plataformas Intel, permite a usuarios locales obtener provilegios o provocar una denegación de servicio (caída de aplicación o c... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-2830 – Apple Mac OSX 10.x - Applescript ARDAgent Shell Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2830
23 Jun 2008 — Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. Open Scripting Architecture en Mac OS X de Apple versiones 10.4.11 y 10.5.4, y algunas otras versiones 10.4 y 10.5, no restringe apropiadamente la carga de plugins... • https://www.exploit-db.com/exploits/31940 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 31%CPEs: 60EXPL: 0CVE-2008-2307
https://notcve.org/view.php?id=CVE-2008-2307
23 Jun 2008 — Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X ver... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1030
https://notcve.org/view.php?id=CVE-2008-1030
02 Jun 2008 — Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función CFDataReplaceBytes en la API CFData en CoreFoundation en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes dependiendo del contexto ejecutar código arbitr... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2008-1580
https://notcve.org/view.php?id=CVE-2008-1580
02 Jun 2008 — CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. CFNetwork en Safari en Apple Mac OS X versiones anteriores a 10.5.3, envía automáticamente un certificado de cliente SSL en respuesta a l... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0CVE-2008-1577
https://notcve.org/view.php?id=CVE-2008-1577
02 Jun 2008 — Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." Una vulnerabilidad no especificada en el códec Pixlet en Apple Pixlet Video en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicac... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html •
CVSS: 9.1EPSS: 8%CPEs: 5EXPL: 0CVE-2008-1576
https://notcve.org/view.php?id=CVE-2008-1576
02 Jun 2008 — Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. Mail en Apple Mac OS X versiones anteriores a 10.5, cuando un servidor IPv6 SMTP es usado, no inicializa correctamente la memoria, lo que podría permitir a los atacantes remotos ejec... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2008-1578
https://notcve.org/view.php?id=CVE-2008-1578
02 Jun 2008 — The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. El programa sso_util en Single Sign-On en Apple Mac OS X versiones anteriores a 10.5.3, coloca las contraseñas en la línea de comando, lo que permite a los usuarios locales obtener información confidencial mediante la enumeración de los procesos. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 15%CPEs: 5EXPL: 0CVE-2008-1034
https://notcve.org/view.php?id=CVE-2008-1034
02 Jun 2008 — Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow. Un desbordamiento de enteros en Help Viewer en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una URL help:topic que desencadena un desbordamiento de búfer. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1027
https://notcve.org/view.php?id=CVE-2008-1027
02 Jun 2008 — Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Filing Protocol (AFP) Server en Apple Mac OS X versiones anteriores a 10.5.3, no comprueba que los archivos y directorios solicitados estén dentro de carpetas compartidas, lo que permite a los atacantes remotos leer archivos arbitrarios por medio de tráfico AFP no especificad... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •