Page 483 of 2935 results (0.026 seconds)

CVSS: 9.3EPSS: 3%CPEs: 8EXPL: 0

CVE-2008-1031

https://notcve.org/view.php?id=CVE-2008-1031

CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. CoreGraphics en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un documento PDF especialmente diseñado, relacionado con una variable no inicializada. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020136 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29480 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42710 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 8EXPL: 0

CVE-2008-1574

https://notcve.org/view.php?id=CVE-2008-1574

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. Un desbordamiento de enteros en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JPEG2000 diseñada que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020144 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29514 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42722 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 6%CPEs: 8EXPL: 0

CVE-2008-1577

https://notcve.org/view.php?id=CVE-2008-1577

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." Una vulnerabilidad no especificada en el códec Pixlet en Apple Pixlet Video en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un archivo de película especialmente diseñado, relacionado con "multiple memory corruption issues." • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020132 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29489 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42706 •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-1580

https://notcve.org/view.php?id=CVE-2008-1580

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. CFNetwork en Safari en Apple Mac OS X versiones anteriores a 10.5.3, envía automáticamente un certificado de cliente SSL en respuesta a la petición de certificado de un servidor web, lo que permite a los sitios web remotos obtener información confidencial (datos del Subject) de certificados identificables personalmente y utilizar certificados arbitrarios para rastrear las actividades de los usuarios en todos los dominios, un problema relacionado con CVE-2007-4879. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020134 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29493 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42708 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-1036 – ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)

https://notcve.org/view.php?id=CVE-2008-1036

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. La biblioteca International Components for Unicode (ICU) en Apple Mac OS X versiones anteriores a 10.5.3, Red Hat Enterprise Linux versión 5 y otros sistemas operativos, omite algunas secuencias de caracteres no válidas durante la conversión de algunas codificaciones de caracteres, lo que podría permitir a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS). • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://secunia.com/advisories/34290 http://secunia.com/advisories/34777 http://securitytracker.com/id?1020139 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064 http://www.debian.org/security/2009/dsa-1762 http://www.redhat.com/support/errata/RHSA-2009-0296.html http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29488 http://www.ubuntu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •