CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 0CVE-2008-2309
https://notcve.org/view.php?id=CVE-2008-2309
01 Jul 2008 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X anterior a 10.5.4, permite a atacantes asistidos por el usuario ejecutar código de su elección a... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2314
https://notcve.org/view.php?id=CVE-2008-2314
01 Jul 2008 — Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Dock en Apple Mac OS X 10.5 anterior a la versión 10.5.4, cuando las zonas activas de Exposé están habilitadas, permite a los atacantes físicamente próximos obtener acceso a una sesión bloqueada en (1) modo de suspensión o (2) modo de protector de pantalla a través de vectores no especificad... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 5%CPEs: 30EXPL: 0CVE-2008-2311
https://notcve.org/view.php?id=CVE-2008-2311
01 Jul 2008 — Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. Ejecución de servicios en Apple MAc OS X anterior a 10.5, cuando Open Safe Files está activado, permite a atacantes remotos ejecutar código de su elección a través de un ataque de enlace simbólico, probablemente en relación con una condición de carrera y la ejecución automátic... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2310
https://notcve.org/view.php?id=CVE-2008-2310
01 Jul 2008 — Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Vulnerabilidad de formato de cadena en c++filt en Apple Mac OS X 10.5 anterior a la v10.5.4, permite a atacantes asistidos por el usuario ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una cadena manipulada en código ... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2313
https://notcve.org/view.php?id=CVE-2008-2313
01 Jul 2008 — Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. Apple Mac OS X anterior a 10.5 usa permisos débiles para el directorio User Template, lo que permite a usuarios locales elevar sus privilegios insertando un troyano en este directorio. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2308
https://notcve.org/view.php?id=CVE-2008-2308
01 Jul 2008 — Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Vulnerabilidad sin especificar en Alias Manager en Apple Mac OS X 10.5.1 y versiones anteriores sobre plataformas Intel, permite a usuarios locales obtener provilegios o provocar una denegación de servicio (caída de aplicación o c... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-2830 – Apple Mac OSX 10.x - Applescript ARDAgent Shell Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2830
23 Jun 2008 — Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. Open Scripting Architecture en Mac OS X de Apple versiones 10.4.11 y 10.5.4, y algunas otras versiones 10.4 y 10.5, no restringe apropiadamente la carga de plugins... • https://www.exploit-db.com/exploits/31940 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 31%CPEs: 60EXPL: 0CVE-2008-2307
https://notcve.org/view.php?id=CVE-2008-2307
23 Jun 2008 — Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X ver... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2008-1032
https://notcve.org/view.php?id=CVE-2008-1032
02 Jun 2008 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1571
https://notcve.org/view.php?id=CVE-2008-1571
02 Jun 2008 — Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. Una vulnerabilidad de salto de directorio en el servidor web incorporado en Image Capture en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos leer archivos arbitrarios por medio de secuencias de salto de directorio en el URI. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •