CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2314
https://notcve.org/view.php?id=CVE-2008-2314
01 Jul 2008 — Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Dock en Apple Mac OS X 10.5 anterior a la versión 10.5.4, cuando las zonas activas de Exposé están habilitadas, permite a los atacantes físicamente próximos obtener acceso a una sesión bloqueada en (1) modo de suspensión o (2) modo de protector de pantalla a través de vectores no especificad... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2308
https://notcve.org/view.php?id=CVE-2008-2308
01 Jul 2008 — Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Vulnerabilidad sin especificar en Alias Manager en Apple Mac OS X 10.5.1 y versiones anteriores sobre plataformas Intel, permite a usuarios locales obtener provilegios o provocar una denegación de servicio (caída de aplicación o c... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2008-1027
https://notcve.org/view.php?id=CVE-2008-1027
02 Jun 2008 — Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Filing Protocol (AFP) Server en Apple Mac OS X versiones anteriores a 10.5.3, no comprueba que los archivos y directorios solicitados estén dentro de carpetas compartidas, lo que permite a los atacantes remotos leer archivos arbitrarios por medio de tráfico AFP no especificad... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1030
https://notcve.org/view.php?id=CVE-2008-1030
02 Jun 2008 — Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función CFDataReplaceBytes en la API CFData en CoreFoundation en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes dependiendo del contexto ejecutar código arbitr... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 8EXPL: 0CVE-2008-1031
https://notcve.org/view.php?id=CVE-2008-1031
02 Jun 2008 — CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. CoreGraphics en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF especialmente diseñado, relacionado con una variable no inicializada. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2008-1032
https://notcve.org/view.php?id=CVE-2008-1032
02 Jun 2008 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1033
https://notcve.org/view.php?id=CVE-2008-1033
02 Jun 2008 — The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." El planificador en CUPS en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, cuando el registro de depuración está habilitado y una impresora requiere una contraseña, permite a los atacantes obtener información confidencial (credenciales) mediante... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 2%CPEs: 9EXPL: 0CVE-2008-1036 – ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
https://notcve.org/view.php?id=CVE-2008-1036
02 Jun 2008 — The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. La biblioteca International Components for Unicode (ICU) en Apple Mac OS X versiones anteriores a 10.5.3, Red Hat Enterprise Linux versión 5 y otros sistemas operativos, omite algunas secuencias de ca... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2008-1573
https://notcve.org/view.php?id=CVE-2008-1573
02 Jun 2008 — The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. El motor de decodificación de imágenes BMP y GIF en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (contenido de memoria) por medio de una imagen (1) BMP o (2) GIF diseñada, lo que causa una lectura fuera d... • http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 8EXPL: 0CVE-2008-1574
https://notcve.org/view.php?id=CVE-2008-1574
02 Jun 2008 — Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. Un desbordamiento de enteros en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JPEG2000 diseñada que desencadena un desbordamie... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •