CVE-2008-0037
https://notcve.org/view.php?id=CVE-2008-0037
X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.
• http://docs.info.apple.com/article.html?artnum=307430
• http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
• http://secunia.com/advisories/28891
• http://www.securityfocus.com/bid/27736
• http://www.securitytracker.com/id?1019365
• http://www.us-cert.gov/cas/techalerts/TA08-043B.html
• http://www.vupen.com/english/advisories/2008/0495/references
CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-0038
https://notcve.org/view.php?id=CVE-2008-0038
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
• http://docs.info.apple.com/article.html?artnum=307430
• http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
• http://secunia.com/advisories/28891
• http://www.securityfocus.com/bid/27736
• http://www.securitytracker.com/id?1019360
• http://www.us-cert.gov/cas/techalerts/TA08-043B.html
• http://www.vupen.com/english/advisories/2008/0495/references
CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-0039
https://notcve.org/view.php?id=CVE-2008-0039
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
• http://docs.info.apple.com/article.html?artnum=307430
• http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
• http://secunia.com/advisories/28891
• http://www.securityfocus.com/bid/27736
• http://www.securitytracker.com/id?1019361
• http://www.us-cert.gov/cas/techalerts/TA08-043B.html
• http://www.vupen.com/english/advisories/2008/0495/references
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
• http://bugs.gentoo.org/show_bug.cgi?id=204362
• http://docs.info.apple.com/article.html?artnum=307562
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643
• http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
• http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
• http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
• http://lists.opensuse.org/ope
CWE-787: Out-of-bounds Write
CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
• http://docs.info.apple.com/article.html?artnum=307302
• http://docs.info.apple.com/article.html?artnum=307430
• http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
• http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html
• http://secunia.com/advisories/28497
• http://secunia.com/advisories/28891
• http://www.securityfocus.com/bid/27296
• http://www.securitytracker.com/id?1019220
• http://www.us-cert.gov/cas/techalerts/TA08-043B.html
• http://www.vupen.c
CWE-399: Resource Management Errors