CVSS: 9.8EPSS: 25%CPEs: 4EXPL: 0CVE-2008-3642
https://notcve.org/view.php?id=CVE-2008-3642
10 Oct 2008 — Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. Desbordamiento de búfer en ColorSync en Mac OS X 10.4.11 y 10.5.5 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y posiblemente ejecutar arbitrariamente código a través de una imagen o un perfil ICC manipulado. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2008-3643
https://notcve.org/view.php?id=CVE-2008-3643
10 Oct 2008 — Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." Vulnerabilidad inespecífica en Finder en Mac OS X 10.5.5 que permite a atacantes remotos con la ayuda del usuario producir una denegación de servicio (reinicios continuos) a través de un fichero Desktop manipulado que produce un error cuando su i... • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3645
https://notcve.org/view.php?id=CVE-2008-3645
10 Oct 2008 — Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. Desbordamiento de búfer basado en montículo en en el componente IPC local de el plugin de EAPOLController para configd (Componente de red) en Mac OS X 10.4.11 y 10.5.5 que permite a usuarios locales ejecutar código a su elección a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 4EXPL: 0CVE-2008-3647
https://notcve.org/view.php?id=CVE-2008-3647
10 Oct 2008 — Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. Desbordamiento de búfer en PSNormalizer en Mac OS X v10.4.11 y v10.5.5 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) y ejecutar código de su elección mediante un fichero PostScript con un comentario manipulado en un elemento "bounding... • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 14%CPEs: 23EXPL: 0CVE-2008-4211
https://notcve.org/view.php?id=CVE-2008-4211
10 Oct 2008 — Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." Un error en la propiedad signedness de enteros en (1) QuickLook en Mac OS X versión 10.5.5 de Apple y (2) Office Viewer en... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-4212
https://notcve.org/view.php?id=CVE-2008-4212
10 Oct 2008 — Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentación se indica que podría permitir a atacantes remotos evitar las restricciones de acceso establecidas. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-16: Configuration •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-4214
https://notcve.org/view.php?id=CVE-2008-4214
10 Oct 2008 — Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. Vulnerabilidad no especificada en el editor de scripts de Mac OS X v10.4.11 y v10.5.5 que permite a usuarios locales producir que el diccionario de scripts se escriba en lugares arbitrarios, relacionado con una "operación insegura de fichero" en los ficheros temporales. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 12%CPEs: 6EXPL: 0CVE-2008-3637
https://notcve.org/view.php?id=CVE-2008-3637
26 Sep 2008 — The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." El proveedor Hash-based Message Authentication Code en Java on Apple Mac OS X v10.4.11, 10.5.4 y 10.5.5 emplea una variable sin inicializar, esto permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado, relacionado ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3638
https://notcve.org/view.php?id=CVE-2008-3638
26 Sep 2008 — Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. Java sobre Apple Mac OS X v10.5.4 y v10.5.5 no evita el acceso de los applets a URL's del tipo "file://, lo que permite a atacantes remotos ejecutar programas de su elección. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2329
https://notcve.org/view.php?id=CVE-2008-2329
16 Sep 2008 — Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Directory Services en Mac OS X de Apple versiones 10.5 hasta 10.5.4, cuando es usado Active Directory, permite a los atacantes enumerar los nombres de usuario por medio de caracteres comodín (o wildcard) en la Ventana de Inicio de Sesión. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •