CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0046
https://notcve.org/view.php?id=CVE-2008-0046
18 Mar 2008 — The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. La Application Firewall en Apple Mac OS X 10.5.2 tiene una traducción al alemán incorrecta para el botón de radio "Permitir acceso para servicios y aplicaciones ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0997
https://notcve.org/view.php?id=CVE-2008-0997
18 Mar 2008 — Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. Desbordamiento de búfer basado en pila de AppKit en Apple Mac OS X 10.4.11, permite a atacantes remotos ayudados por el usuario provocar una denegación de servicio (caída de aplicación) y ejecutar código de su ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0045
https://notcve.org/view.php?id=CVE-2008-0045
18 Mar 2008 — Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. Vulnerabilidad sin especificar de AFP Server en Apple Mac OS X 10.4.11, que permite a atacantes remotos evitar la identificación entre dominios (realm) a través de manipulaciones desconocidas sobre los nombres de dominio Kerberos principales. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0050
https://notcve.org/view.php?id=CVE-2008-0050
18 Mar 2008 — CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. CFNetwork en Apple Mac OS X versión 10.4.11, permite que los servidores proxy HTTPS remotos falsifiquen sitios web seguros por medio de datos en un error 502 Bad Gateway. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1146
https://notcve.org/view.php?id=CVE-2008-1146
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 3-bit (también ... • http://secunia.com/advisories/28819 •
CVSS: 7.5EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de n... • http://seclists.org/bugtraq/2008/Feb/0052.html •
CVSS: 7.5EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseu... • http://secunia.com/advisories/28819 •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2008-0042
https://notcve.org/view.php?id=CVE-2008-0042
12 Feb 2008 — Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. Vulnerabilidad de inyección de argumentos en Terminal.app de Terminal en Apple Mac OS X 10.4.11 y de 10.5 a 10.5.1 permite a atacantes remotos ejecutar código de su elección a través de esquemas URL no especificados. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2008-0040
https://notcve.org/view.php?id=CVE-2008-0040
12 Feb 2008 — Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. Vulnerabilidad no especificada en NFS de Apple Mac OS X 10.5 hasta 10.5.1 permite a atacantes remotos provocar una denegación de servicio (apagado de sistema) o ejecutar código de su elección a través de vectores no conocidos relacionados a cadenas mbuf que disparan un... • http://docs.info.apple.com/article.html?artnum=307430 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0038
https://notcve.org/view.php?id=CVE-2008-0038
12 Feb 2008 — Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. Launch Services en Apple Mac OS X 10.5 a 10.5.1 permiten a una aplicación no instalada ser lanzada si se encuentra en una copia de seguridad de Time Machine; esto puede permitir a usuarios locales evitar restricciones de seguridad intencionadas o explotar ... • http://docs.info.apple.com/article.html?artnum=307430 • CWE-264: Permissions, Privileges, and Access Controls •