CVSS: 4.4EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2314
https://notcve.org/view.php?id=CVE-2008-2314
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Dock en Apple Mac OS X 10.5 anterior a la versión 10.5.4, cuando las zonas activas de Exposé están habilitadas, permite a los atacantes físicamente próximos obtener acceso a una sesión bloqueada en (1) modo de suspensión o (2) modo de protector de pantalla a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020395 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43497 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2308
https://notcve.org/view.php?id=CVE-2008-2308
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Vulnerabilidad sin especificar en Alias Manager en Apple Mac OS X 10.5.1 y versiones anteriores sobre plataformas Intel, permite a usuarios locales obtener provilegios o provocar una denegación de servicio (caída de aplicación o corrupción de memoria) resolviendo un alias que contiene una información AFP manipulada del volumen montado. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020390 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43474 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 9%CPEs: 60EXPL: 0CVE-2008-2307
https://notcve.org/view.php?id=CVE-2008-2307
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. Una vulnerabilidad no especificada en WebKit en Apple Safari anterior a la versión 3.1.2, distribuida en Mac OS X anterior a la versión 10.5.4, e independiente para Windows y Mac OS X versión 10.4, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o ejecutar código arbitrario por medio de vectores que involucra a la matriz JavaScript que desencadena una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html http://secunia.com/advisories/30775 http://secunia.com/advisories/30801 http://secunia.com/advisories/30992 http://secunia.com/advisories/31074 http://support.apple.com/kb/HT2092 http://support.apple.com/kb/HT2163 http://support.apple.com/kb/HT2165 h • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2008-2830 – Apple Mac OSX 10.x - Applescript ARDAgent Shell Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2830
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. Open Scripting Architecture en Mac OS X de Apple versiones 10.4.11 y 10.5.4, y algunas otras versiones 10.4 y 10.5, no restringe apropiadamente la carga de plugins de adición de scripting, lo que permite a los usuarios locales alcanzar privilegios mediante comandos de adición de scripting hacia una aplicación privilegiada, como es originalmente demostrado por un comando osascript tell para ARDAgent. • https://www.exploit-db.com/exploits/31940 http://it.slashdot.org/it/08/06/18/1919224.shtml http://lists.apple.com/archives/security-announce//2008//Sep/msg00006.html http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://secunia.com/advisories/30776 http://www.securityfocus.com/bid/29831 http://www.securitytracker.com/id?1020345 http://www.vupen.com/english/advisories/2008/1905/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43294 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 4%CPEs: 6EXPL: 0CVE-2008-1575
https://notcve.org/view.php?id=CVE-2008-1575
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. Una vulnerabilidad no especificada en el servidor Apple Type Services (ATS) en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una fuente diseñada incorporada en un documento PDF, relacionado con una corrupción de memoria que ocurre durante la impresión. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020133 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29492 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42707 • CWE-399: Resource Management Errors •