CVSS: 7.5EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseu... • http://secunia.com/advisories/28819 •
CVSS: 7.5EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de n... • http://seclists.org/bugtraq/2008/Feb/0052.html •
CVSS: 6.8EPSS: 2%CPEs: 198EXPL: 0CVE-2008-1146
https://notcve.org/view.php?id=CVE-2008-1146
04 Mar 2008 — A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 3-bit (también ... • http://secunia.com/advisories/28819 •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2008-0040
https://notcve.org/view.php?id=CVE-2008-0040
12 Feb 2008 — Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. Vulnerabilidad no especificada en NFS de Apple Mac OS X 10.5 hasta 10.5.1 permite a atacantes remotos provocar una denegación de servicio (apagado de sistema) o ejecutar código de su elección a través de vectores no conocidos relacionados a cadenas mbuf que disparan un... • http://docs.info.apple.com/article.html?artnum=307430 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0038
https://notcve.org/view.php?id=CVE-2008-0038
12 Feb 2008 — Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. Launch Services en Apple Mac OS X 10.5 a 10.5.1 permiten a una aplicación no instalada ser lanzada si se encuentra en una copia de seguridad de Time Machine; esto puede permitir a usuarios locales evitar restricciones de seguridad intencionadas o explotar ... • http://docs.info.apple.com/article.html?artnum=307430 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2008-0042
https://notcve.org/view.php?id=CVE-2008-0042
12 Feb 2008 — Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. Vulnerabilidad de inyección de argumentos en Terminal.app de Terminal en Apple Mac OS X 10.4.11 y de 10.5 a 10.5.1 permite a atacantes remotos ejecutar código de su elección a través de esquemas URL no especificados. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0037
https://notcve.org/view.php?id=CVE-2008-0037
12 Feb 2008 — X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. X11 en Apple Mac OS X 10.5 hasta 10.5.1 no gestiona correctamente cuando la preferencia "Allow connections from network client" está desactivada, lo que permite a atacantes remotos evitar restricciones de acceso intencionadas y conectar con el servidor X. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0039
https://notcve.org/view.php?id=CVE-2008-0039
12 Feb 2008 — Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. Vulnerabilidad sin especificar en Apple Mail de Mac OS X 10.4.11 permite a atacantes remotos ejecutar comandos de su elección a través de un file:// URL manipulado. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0041
https://notcve.org/view.php?id=CVE-2008-0041
12 Feb 2008 — Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. Control Parental en Apple Mac OS X 10.5 hasta 10.5.1 contacta con www.apple.com "cuando un sitio web es desbloqueado", lo que permite a atacantes remotos determinar cuando un sistema esta ejecutando el Control Parental. • http://docs.info.apple.com/article.html?artnum=307430 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 7%CPEs: 22EXPL: 0CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
18 Jan 2008 — The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones,... • http://bugs.gentoo.org/show_bug.cgi?id=204362 • CWE-787: Out-of-bounds Write •