CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0CVE-2008-1031
https://notcve.org/view.php?id=CVE-2008-1031
02 Jun 2008 — CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. CoreGraphics en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF especialmente diseñado, relacionado con una variable no inicializada. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1572
https://notcve.org/view.php?id=CVE-2008-1572
02 Jun 2008 — Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. Image Capture en Apple Mac OS X versiones anteriores a 10.5, no utiliza apropiadamente los archivos temporales, lo que permite a los usuarios locales sobrescribir archivos arbitrarios y desplegar imágenes que están siendo redimensionadas por ésta aplicación. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 2%CPEs: 8EXPL: 0CVE-2008-1573
https://notcve.org/view.php?id=CVE-2008-1573
02 Jun 2008 — The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. El motor de decodificación de imágenes BMP y GIF en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (contenido de memoria) por medio de una imagen (1) BMP o (2) GIF diseñada, lo que causa una lectura fuera d... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 8EXPL: 0CVE-2008-1574
https://notcve.org/view.php?id=CVE-2008-1574
02 Jun 2008 — Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. Un desbordamiento de enteros en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JPEG2000 diseñada que desencadena un desbordamie... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 5%CPEs: 9EXPL: 0CVE-2008-1036 – ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
https://notcve.org/view.php?id=CVE-2008-1036
02 Jun 2008 — The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. La biblioteca International Components for Unicode (ICU) en Apple Mac OS X versiones anteriores a 10.5.3, Red Hat Enterprise Linux versión 5 y otros sistemas operativos, omite algunas secuencias de ca... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0CVE-2008-1028
https://notcve.org/view.php?id=CVE-2008-1028
02 Jun 2008 — Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. Una vulnerabilidad no especificada en AppKit en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de ... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1571
https://notcve.org/view.php?id=CVE-2008-1571
02 Jun 2008 — Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. Una vulnerabilidad de salto de directorio en el servidor web incorporado en Image Capture en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos leer archivos arbitrarios por medio de secuencias de salto de directorio en el URI. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1579
https://notcve.org/view.php?id=CVE-2008-1579
02 Jun 2008 — Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. Wiki Server en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (nombres de usuario) mediante la lectura del mensaje de error producido al acceder a un blog inexistente. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2008-1575
https://notcve.org/view.php?id=CVE-2008-1575
02 Jun 2008 — Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. Una vulnerabilidad no especificada en el servidor Apple Type Services (ATS) en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una fuente di... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2008-1032
https://notcve.org/view.php?id=CVE-2008-1032
02 Jun 2008 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html •