CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-4368
https://notcve.org/view.php?id=CVE-2008-4368
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. La configuración por defecto de Java 1.5 en Mac OS X 10.5.4 y 10.5.5 de Apple tiene una política de jurisdicción que limita los tamaños de claves de la Extensión de Criptografía de Java (JCE) a 128 bits, lo que facilita a los atacantes descifrar texto cifrado por JCE. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://support.apple.com/kb/HT3179 https://exchange.xforce.ibmcloud.com/vulnerabilities/45650 • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3638
https://notcve.org/view.php?id=CVE-2008-3638
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. Java sobre Apple Mac OS X v10.5.4 y v10.5.5 no evita el acceso de los applets a URL's del tipo "file://, lo que permite a atacantes remotos ejecutar programas de su elección. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31380 http://www.securitytracker.com/id?1020944 https://exchange.xforce.ibmcloud.com/vulnerabilities/45397 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2008-3637
https://notcve.org/view.php?id=CVE-2008-3637
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." El proveedor Hash-based Message Authentication Code en Java on Apple Mac OS X v10.4.11, 10.5.4 y 10.5.5 emplea una variable sin inicializar, esto permite a atacantes remotos ejecutar código de su elección a través de un applet manipulado, relacionado con una "cuestión de chequeo de error". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3178 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31379 http://www.securitytracker.com/id?1020943 https://exchange.xforce.ibmcloud.com/vulnerabilities/45396 • CWE-665: Improper Initialization •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2008-2332
https://notcve.org/view.php?id=CVE-2008-2332
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. ImageIO en Apple Mac OS X y 10.5 a la v10.5.4, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecución de ficheros de su elección a través de una imagen TIFF manipulada. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3276 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020876 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3608
https://notcve.org/view.php?id=CVE-2008-3608
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. ImageIO en Apple Mac OS X 10.4.11 y 10.5 a la v10.5.4, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código de su elección a través de una imagen JPG manipulada con un perfill ICC embebido (incrustado). • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3276 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020876 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2 • CWE-399: Resource Management Errors •