CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2008-1580
https://notcve.org/view.php?id=CVE-2008-1580
02 Jun 2008 — CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. CFNetwork en Safari en Apple Mac OS X versiones anteriores a 10.5.3, envía automáticamente un certificado de cliente SSL en respuesta a l... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 47%CPEs: 9EXPL: 1CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
05 May 2008 — The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario... • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2008-1026 – Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1026
16 Apr 2008 — Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. Desbordamiento de entero en el compilador de expresiones regulares PCRE (JavaScriptCore/pcre/pcre_compile.cpp) en Apple WebKit, como se utiliza en Safari en versiones anteriores a 3.1.1, permite a atacantes re... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 19EXPL: 0CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
19 Mar 2008 — The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Unini... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 27%CPEs: 4EXPL: 0CVE-2008-0987
https://notcve.org/view.php?id=CVE-2008-0987
18 Mar 2008 — Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. Un desbordamiento de búfer en la región stack de la memoria en Image Raw en Apple Mac OS X versión 10.5.2, y Digital Camera RAW Compatibility anteriores al Update 2.0 para Aperture versión 2 y iPhoto versión 7.1.2, permite a los atacantes remotos ejecutar c... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0988
https://notcve.org/view.php?id=CVE-2008-0988
18 Mar 2008 — Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. Error de superación del límite (off-by-one) en la API Libsystem strnstr de libc en Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) a través de aregumentos manipulados que disparan una sobre-lectura del búfer. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0989
https://notcve.org/view.php?id=CVE-2008-0989
18 Mar 2008 — Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. Vulnerabilidad de formato de cadena en mDNSResponderHelper en Apple Mac OS X 10.5.2, permite a usuarios locales ejecutar código de su elección a través de especificadores de formatos de cadena en el hostname local. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0990
https://notcve.org/view.php?id=CVE-2008-0990
18 Mar 2008 — notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. notifyd en Apple Mac OS X 10.4.11 no verifica que las notificaciones death (muerte) del puerto Mach sean originadas desde el kernel, lo que permite a usuarios locales provocar una denegación de servicio a través de notificaciones death falsas que... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0992
https://notcve.org/view.php?id=CVE-2008-0992
18 Mar 2008 — Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. Error en el índice de matriz de pax en Apple Mac OS X 10.5.2 permite a atacantes remotos dependientes del contexto ejecutar código de su elección a través de un archivo con un valor de tamaño manipulado. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-0993
https://notcve.org/view.php?id=CVE-2008-0993
18 Mar 2008 — Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. Podcast Capture en Podcast Producer de Apple Mac OS X 10.5.2, invoca una subtarea con contraseñas en argumentos de línea de comandos, esto permite a usuarios locales leer las contraseñas mediante listados de procesos. • http://docs.info.apple.com/article.html?artnum=307562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •