Page 480 of 2946 results (0.026 seconds)

CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-3609

https://notcve.org/view.php?id=CVE-2008-3609

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. kernel en Apple Mac OS X 10.5 a la 10.5.4 no limpia adecuadamente las credenciales cacheadas durante el reciclaje (también conocido como purgado) de un "vnode", lo que permite a usuarios locales evitar los permisos de lectura y escritura establecidos de manera previa. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020877 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45169 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 3%CPEs: 12EXPL: 0

CVE-2008-3621

https://notcve.org/view.php?id=CVE-2008-3621

VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. VideoConference en Apple Mac OS X 10.4.11 y 10.5 a la v 10.5.4, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código de su elección a través de vectores involucrados con el codec/encoder H.264. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020885 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45177 • CWE-399: Resource Management Errors •

CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-2329

https://notcve.org/view.php?id=CVE-2008-2329

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Directory Services en Mac OS X de Apple versiones 10.5 hasta 10.5.4, cuando es usado Active Directory, permite a los atacantes enumerar los nombres de usuario por medio de caracteres comodín (o wildcard) en la Ventana de Inicio de Sesión. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020874 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45163 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0

CVE-2008-3616

https://notcve.org/view.php?id=CVE-2008-3616

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. Múltiples desbordamientos de entero en SearchKit API en Apple Mac OS X 10.4.11 y 10.5 a la v10.5.4, permiten a atacantes dependientes de contexto provocar una denegación de servicio (caída de aplicación) o ejecutar código de su elección a través de vectores asociados con "evasión de entrada de datos no confiable" a funciones API no especificadas. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020880 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45172 • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 88%CPEs: 15EXPL: 1

CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)

https://notcve.org/view.php?id=CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su elección al utilizar un nombre largo de entidad XML. • https://www.exploit-db.com/exploits/8798 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31855 http://secunia.com/advisories/31860 http://secunia.com/advisories/31868 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •