CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0049
https://notcve.org/view.php?id=CVE-2008-0049
18 Mar 2008 — AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. AppKit en Apple Mac OS X versión 10.4.11, inadvertidamente realiza una habilitación de un puerto mach NSApplication para la comunicación entre procesos en lugar de la comunicación entre subprocesos (hilos), lo que permite a los usuarios locales ejecut... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2008-0057
https://notcve.org/view.php?id=CVE-2008-0057
18 Mar 2008 — Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. Múltiples desbordamientos de enteros en un analizador de "legacy serialization format" en AppKit en Apple Mac OS X versión 10.4.11, permite a los atacantes remotos ejecutar código arbitrario por medio de una lista de propiedades serializadas. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0046
https://notcve.org/view.php?id=CVE-2008-0046
18 Mar 2008 — The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. La Application Firewall en Apple Mac OS X 10.5.2 tiene una traducción al alemán incorrecta para el botón de radio "Permitir acceso para servicios y aplicaciones ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0997
https://notcve.org/view.php?id=CVE-2008-0997
18 Mar 2008 — Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. Desbordamiento de búfer basado en pila de AppKit en Apple Mac OS X 10.4.11, permite a atacantes remotos ayudados por el usuario provocar una denegación de servicio (caída de aplicación) y ejecutar código de su ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0045
https://notcve.org/view.php?id=CVE-2008-0045
18 Mar 2008 — Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. Vulnerabilidad sin especificar de AFP Server en Apple Mac OS X 10.4.11, que permite a atacantes remotos evitar la identificación entre dominios (realm) a través de manipulaciones desconocidas sobre los nombres de dominio Kerberos principales. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0050
https://notcve.org/view.php?id=CVE-2008-0050
18 Mar 2008 — CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. CFNetwork en Apple Mac OS X versión 10.4.11, permite que los servidores proxy HTTPS remotos falsifiquen sitios web seguros por medio de datos en un error 502 Bad Gateway. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-0044
https://notcve.org/view.php?id=CVE-2008-0044
18 Mar 2008 — Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. Múltiples Desbordamientos de búfer de AFP Client en Apple Mac OS X 10.4.11 y 10.5.2, que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y ejecutar código de su elección a través de una URL afp:// manipulada. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0048
https://notcve.org/view.php?id=CVE-2008-0048
18 Mar 2008 — Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. Desbordamiento de búfer basado en pila en AppKit de Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto ejecutar código de su elección a través de un nombre de archivo largo a la API NSDocument. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0051
https://notcve.org/view.php?id=CVE-2008-0051
18 Mar 2008 — Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. Desbordamiento de entero de CoreFoundation en Apple Mac OS X 10.4.11, debería permitir a los usuarios locales, ejecutar código de su elección mediante datos de zona horaria manipulados. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseu... • http://secunia.com/advisories/28819 •