CVE-2008-0987
https://notcve.org/view.php?id=CVE-2008-0987
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. Un desbordamiento de búfer en la región stack de la memoria en Image Raw en Apple Mac OS X versión 10.5.2, y Digital Camera RAW Compatibility anteriores al Update 2.0 para Aperture versión 2 y iPhoto versión 7.1.2, permite a los atacantes remotos ejecutar código arbitrario por medio de una imagen Adobe Digital Negative (DNG). • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00003.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29469 http://support.apple.com/kb/HT1232 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28363 http://www.securitytracker.com/id?1019659 http://www.securitytracker.com/id?1019683 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0998
https://notcve.org/view.php?id=CVE-2008-0998
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. Vulnerabilidad sin especificar de NetCfgTool en el componente de configuración de sistema en Apple Mac OS X 10.4.11 y 10.5.2, permite a usuarios locales saltarse la autorización y ejecutar código de elección a través de objetos distribuidos manipulados. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28385 http://www.securitytracker.com/id?1019674 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41281 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0988
https://notcve.org/view.php?id=CVE-2008-0988
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. Error de superación del límite (off-by-one) en la API Libsystem strnstr de libc en Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) a través de aregumentos manipulados que disparan una sobre-lectura del búfer. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28374 http://www.securitytracker.com/id?1019661 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references • CWE-189: Numeric Errors •
CVE-2008-0996
https://notcve.org/view.php?id=CVE-2008-0996
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. El componente Printing en Apple Mac OS X 10.5.2 puede guardar las credenciales de autenticación en el disco cuando empieza una tarea en una cola de impresión autenticada, esto puede permitir a los usuarios locales obtener estos credenciales. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28344 http://www.securitytracker.com/id?1019667 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41284 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •
CVE-2008-0055
https://notcve.org/view.php?id=CVE-2008-0055
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. Foundation en Apple Mac OS X 10.4.11 crea directorios "world-writable" mientras NSFileManager copia archivos progresivamente y modifica los permisos después, esto permite a usuarios locales modificar los archivos copiados lo que provoca una denegación de servicio y posiblemente, una elevación de privilegios. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28343 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41299 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •