
CVSS: 7.5 • EPSS: 2% • CPEs: 198 • EXPL: 0

04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. • http://seclists.org/bugtraq/2008/Feb/0052.html •

CVSS: 6.8 • EPSS: 2% • CPEs: 198 • EXPL: 0

04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. • http://secunia.com/advisories/28819 •

CVSS: 10.0 • EPSS: 5% • CPEs: 2 • EXPL: 0

12 Feb 2008 — Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-399: Resource Management Errors •

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Feb 2008 — Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8 • EPSS: 2% • CPEs: 3 • EXPL: 0

12 Feb 2008 — Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 • EPSS: 2% • CPEs: 2 • EXPL: 0

12 Feb 2008 — X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

12 Feb 2008 — Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3 • EPSS: 1% • CPEs: 2 • EXPL: 0

12 Feb 2008 — Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8 • EPSS: 7% • CPEs: 22 • EXPL: 0

18 Jan 2008 — The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 25% • CPEs: 12 • EXPL: 0

16 Jan 2008 — Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. • http://docs.info.apple.com/article.html?artnum=307302 • CWE-399: Resource Management Errors •