CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0037
https://notcve.org/view.php?id=CVE-2008-0037
12 Feb 2008 — X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. X11 en Apple Mac OS X 10.5 hasta 10.5.1 no gestiona correctamente cuando la preferencia "Allow connections from network client" está desactivada, lo que permite a atacantes remotos evitar restricciones de acceso intencionadas y conectar con el servidor X. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0039
https://notcve.org/view.php?id=CVE-2008-0039
12 Feb 2008 — Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. Vulnerabilidad sin especificar en Apple Mail de Mac OS X 10.4.11 permite a atacantes remotos ejecutar comandos de su elección a través de un file:// URL manipulado. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0041
https://notcve.org/view.php?id=CVE-2008-0041
12 Feb 2008 — Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. Control Parental en Apple Mac OS X 10.5 hasta 10.5.1 contacta con www.apple.com "cuando un sitio web es desbloqueado", lo que permite a atacantes remotos determinar cuando un sistema esta ejecutando el Control Parental. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 7%CPEs: 22EXPL: 0CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
18 Jan 2008 — The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones,... • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 25%CPEs: 12EXPL: 0CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
16 Jan 2008 — Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los ... • http://docs.info.apple.com/article.html?artnum=307302 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 97%CPEs: 75EXPL: 3CVE-2008-0226 – MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0226
10 Jan 2008 — Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. Múltiples desbordamientos de búfer en yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante (1) la función ProcessOldClientHello en handshake.cpp o (2) ... • https://www.exploit-db.com/exploits/9953 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5848
https://notcve.org/view.php?id=CVE-2007-5848
19 Dec 2007 — Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. Desbordamiento de búfer en CUPS de Apple Mac OS X 10.4.11 permite a usuarios administradores locales ejecutar código de su elección mediante un URI manipulado en el servicio CUPS. • http://docs.info.apple.com/article.html?artnum=307179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5861
https://notcve.org/view.php?id=CVE-2007-5861
19 Dec 2007 — Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. Vulnerabilidad no especificada en Spotlight en Apple Mac OS X 10.4.11 permite a atacantes con la intervención de un usuario en provocar denegación de servico (fin de la aplicación) o ejecutar código de su elección a través de un archiv... • http://docs.info.apple.com/article.html?artnum=307179 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 91%CPEs: 2EXPL: 1CVE-2007-5863 – Apple Mac OSX Software Update - Command Execution
https://notcve.org/view.php?id=CVE-2007-5863
19 Dec 2007 — Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. Software Update en Apple Mac OS X 10.5.1 permite a atacantes remotos ejecutar comandos mediante un ataque de hombre-en-medio (man-in-the-middle o MITM) entre el cliente y el servidor, usando un archivo de definición de distribución modificado con la opción... • https://www.exploit-db.com/exploits/16867 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 16%CPEs: 12EXPL: 0CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
19 Dec 2007 — WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se p... • http://docs.info.apple.com/article.html?artnum=307178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •