CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2324
https://notcve.org/view.php?id=CVE-2008-2324
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. La herramienta Repair Permissions de Disk Utility en Apple Mac OS X 10.4.11, añade el bit setuid al archivo ejecutable emacs, lo cual permite a los usuarios locales obtener privilegios ejecutando comandos sin emacs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://secunia.com/advisories/31326 http://www.securityfocus.com/bid/30483 http://www.securityfocus.com/bid/30492 http://www.securitytracker.com/id?1020605 http://www.vupen.com/english/advisories/2008/2268 https://exchange.xforce.ibmcloud.com/vulnerabilities/44132 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2320
https://notcve.org/view.php?id=CVE-2008-2320
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. Un desbordamiento de búfer en la región stack de la memoria en CarbonCore en Mac OS X versiones 10.4.11 y 10.5.4, iPhone OS versiones 1.0 hasta 2.2.1, y iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, de Apple, permite a los atacantes dependiendo del contexto ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un nombre de archivo largo en la API de administración de archivos. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31326 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/archive/1/495040/100/0/threaded http://www.securityfocus.com/bid/30483 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 5EXPL: 1CVE-2008-2321 – Apple Mac OSX 10.x - CoreGraphics Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2321
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." Vulnerabilidad no especificada en CoreGraphics de Apple Mac OS X 10.4.11 and 10.5.4, permite a atacantes ejecutar código arbitrariamente o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores desconocidos que implican el "procesado de argumentos" • https://www.exploit-db.com/exploits/32136 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31326 http://secunia.com/advisories/32756 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3318 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/30483 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0CVE-2008-2322
https://notcve.org/view.php?id=CVE-2008-2322
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. Desbordamiento de Entero en CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2 y 10.5.4, permite a atacantes remotos ejecutar código arbitrariamente o provocar una denegación de servicio (caída de aplicación) mediante un archvo PDF con una fuente Type 1 larga, la cual provoca un desbordamiento de búfer basado en monticulo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://secunia.com/advisories/31326 http://www.securityfocus.com/bid/30483 http://www.securityfocus.com/bid/30489 http://www.securitytracker.com/id?1020604 http://www.vupen.com/english/advisories/2008/2268 https://exchange.xforce.ibmcloud.com/vulnerabilities/44128 • CWE-189: Numeric Errors •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3438
https://notcve.org/view.php?id=CVE-2008-3438
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple Mac OS X no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, como se demuestra por el grado de daño y el envenenamiento de la caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-494: Download of Code Without Integrity Check •