CVSS: 9.3EPSS: 5%CPEs: 4EXPL: 0CVE-2008-3647
https://notcve.org/view.php?id=CVE-2008-3647
10 Oct 2008 — Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. Desbordamiento de búfer en PSNormalizer en Mac OS X v10.4.11 y v10.5.5 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) y ejecutar código de su elección mediante un fichero PostScript con un comentario manipulado en un elemento "bounding... • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 14%CPEs: 23EXPL: 0CVE-2008-4211
https://notcve.org/view.php?id=CVE-2008-4211
10 Oct 2008 — Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." Un error en la propiedad signedness de enteros en (1) QuickLook en Mac OS X versión 10.5.5 de Apple y (2) Office Viewer en... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-4212
https://notcve.org/view.php?id=CVE-2008-4212
10 Oct 2008 — Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentación se indica que podría permitir a atacantes remotos evitar las restricciones de acceso establecidas. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-16: Configuration •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-4214
https://notcve.org/view.php?id=CVE-2008-4214
10 Oct 2008 — Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. Vulnerabilidad no especificada en el editor de scripts de Mac OS X v10.4.11 y v10.5.5 que permite a usuarios locales producir que el diccionario de scripts se escriba en lugares arbitrarios, relacionado con una "operación insegura de fichero" en los ficheros temporales. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4215
https://notcve.org/view.php?id=CVE-2008-4215
10 Oct 2008 — Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. Vulnerabilidad en la lista de control de acceso a publicación de el Weblog en el servidor Mac OS X v10.4.11 que no comprueba adecuadamente cuando un usuario posee múltiples nombres cortos que permite a los atacantes evitar las restricciones de seguridad. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 12%CPEs: 6EXPL: 0CVE-2008-3637
https://notcve.org/view.php?id=CVE-2008-3637
26 Sep 2008 — The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." El proveedor Hash-based Message Authentication Code en Java on Apple Mac OS X v10.4.11, 10.5.4 y 10.5.5 emplea una variable sin inicializar, esto permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado, relacionado ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3638
https://notcve.org/view.php?id=CVE-2008-3638
26 Sep 2008 — Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. Java sobre Apple Mac OS X v10.5.4 y v10.5.5 no evita el acceso de los applets a URL's del tipo "file://, lo que permite a atacantes remotos ejecutar programas de su elección. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2312
https://notcve.org/view.php?id=CVE-2008-2312
16 Sep 2008 — Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. Network Preferences en Apple Mac OS X 10.4.11, almacena contraseñas PPP en texto planto en un fichero de "lectura por todos", lo que permite a usuarios locales obtener información sensible mediante la lectura de este fichero. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2329
https://notcve.org/view.php?id=CVE-2008-2329
16 Sep 2008 — Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Directory Services en Mac OS X de Apple versiones 10.5 hasta 10.5.4, cuando es usado Active Directory, permite a los atacantes enumerar los nombres de usuario por medio de caracteres comodín (o wildcard) en la Ventana de Inicio de Sesión. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2330
https://notcve.org/view.php?id=CVE-2008-2330
16 Sep 2008 — slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." slapconfig en Directory Services en Apple Mac OS X 10.5 a la v10.5.4, permite a usuarios locales seleccionar un fichero con permisos de lectura de salida en el que ha sido escrito la contraseña del servidor mediante el administrador ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •