CVSS: 9.3EPSS: 11%CPEs: 6EXPL: 0CVE-2008-3637
https://notcve.org/view.php?id=CVE-2008-3637
26 Sep 2008 — The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." El proveedor Hash-based Message Authentication Code en Java on Apple Mac OS X v10.4.11, 10.5.4 y 10.5.5 emplea una variable sin inicializar, esto permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado, relacionado ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3638
https://notcve.org/view.php?id=CVE-2008-3638
26 Sep 2008 — Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. Java sobre Apple Mac OS X v10.5.4 y v10.5.5 no evita el acceso de los applets a URL's del tipo "file://, lo que permite a atacantes remotos ejecutar programas de su elección. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2008-3609
https://notcve.org/view.php?id=CVE-2008-3609
16 Sep 2008 — The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. kernel en Apple Mac OS X 10.5 a la 10.5.4 no limpia adecuadamente las credenciales cacheadas durante el reciclaje (también conocido como purgado) de un "vnode", lo que permite a usuarios locales evitar los permisos de lectura y escritura establecidos de manera previa. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2312
https://notcve.org/view.php?id=CVE-2008-2312
16 Sep 2008 — Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. Network Preferences en Apple Mac OS X 10.4.11, almacena contraseñas PPP en texto planto en un fichero de "lectura por todos", lo que permite a usuarios locales obtener información sensible mediante la lectura de este fichero. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3608
https://notcve.org/view.php?id=CVE-2008-3608
16 Sep 2008 — ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. ImageIO en Apple Mac OS X 10.4.11 y 10.5 a la v10.5.4, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código de su elección a través de una imagen JPG manipulada con un perfill... • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2008-3618
https://notcve.org/view.php?id=CVE-2008-3618
16 Sep 2008 — The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. El Panel File Sharing en las preferencias Sharing en Apple Mac OS X 10.5 a la v10.5.4, no informa a los usuarios del contenido completo de que su directorio personal está siendo compartido para uso p... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2329
https://notcve.org/view.php?id=CVE-2008-2329
16 Sep 2008 — Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Directory Services en Mac OS X de Apple versiones 10.5 hasta 10.5.4, cuando es usado Active Directory, permite a los atacantes enumerar los nombres de usuario por medio de caracteres comodín (o wildcard) en la Ventana de Inicio de Sesión. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-3622
https://notcve.org/view.php?id=CVE-2008-3622
16 Sep 2008 — Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." Vulnerabilidad de ejecución de comandos en sitios cruzados en Wiki Server en Apple Mac OS X 10.5 a la v10.5.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un mensaje de e-mail que llega al archivo "maili... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2331
https://notcve.org/view.php?id=CVE-2008-2331
16 Sep 2008 — Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. Finder en Apple Mac OS X 10.5 a la 10.5.4 no actualiza adecuadamente los permisos en la ventana "Get Info" después de una operación "Lock" (bloqueada) que modifica los permisos de Sharing & Permissions en el sistema de fiche... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3616
https://notcve.org/view.php?id=CVE-2008-3616
16 Sep 2008 — Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. Múltiples desbordamientos de entero en SearchKit API en Apple Mac OS X 10.4.11 y 10.5 a la v10.5.4, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída de aplicación) o ejecutar código... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-189: Numeric Errors •