CVE-2008-3637
https://notcve.org/view.php?id=CVE-2008-3637
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3178 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31379 http://www.securitytracker.com/id?1020943 https://exchange.xforce.ibmcloud.com/vulnerabilities/45396
• CWE-665: Improper Initialization
CVE-2008-3638
https://notcve.org/view.php?id=CVE-2008-3638
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31380 http://www.securitytracker.com/id?1020944 https://exchange.xforce.ibmcloud.com/vulnerabilities/45397
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-2312
https://notcve.org/view.php?id=CVE-2008-2312
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020881 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45173
• CWE-255: Credentials Management Errors
CVE-2008-3621
https://notcve.org/view.php?id=CVE-2008-3621
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020885 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45177
• CWE-399: Resource Management Errors
CVE-2008-3611
https://notcve.org/view.php?id=CVE-2008-3611
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020878 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
• CWE-287: Improper Authentication