Page 426 of 2650 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2008-1027

https://notcve.org/view.php?id=CVE-2008-1027

Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Filing Protocol (AFP) Server en Apple Mac OS X versiones anteriores a 10.5.3, no comprueba que los archivos y directorios solicitados estén dentro de carpetas compartidas, lo que permite a los atacantes remotos leer archivos arbitrarios por medio de tráfico AFP no especificado. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020130 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29490 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42703 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0

CVE-2008-1028

https://notcve.org/view.php?id=CVE-2008-1028

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. Una vulnerabilidad no especificada en AppKit en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un archivo de documento especialmente diseñado, como es demostrado al abrir el documento con TextEdit. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020131 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29487 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42705 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2008-1030

https://notcve.org/view.php?id=CVE-2008-1030

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función CFDataReplaceBytes en la API CFData en CoreFoundation en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes dependiendo del contexto ejecutar código arbitrario o causar una denegación de servicio (bloqueo) por medio de un argumento de longitud no válida, lo que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020135 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29491 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42709 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 3%CPEs: 8EXPL: 0

CVE-2008-1031

https://notcve.org/view.php?id=CVE-2008-1031

CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. CoreGraphics en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF especialmente diseñado, relacionado con una variable no inicializada. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020136 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29480 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42710 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 3%CPEs: 8EXPL: 0

CVE-2008-1032

https://notcve.org/view.php?id=CVE-2008-1032

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un tipo de contenido de (1) Automator, (2) Help, (3) Safari o (4) Terminal para un objeto descargable, que no activa un mensaje de advertencia "potentially unsafe" en (a) la funcionalidad Download Validation en Mac OS X versión 10.4 o (b) la funcionalidad Quarantine en Mac OS X versión 10.5. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020137 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29481 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42711 •