CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-1579
https://notcve.org/view.php?id=CVE-2008-1579
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. Wiki Server en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (nombres de usuario) mediante la lectura del mensaje de error producido al acceder a un blog inexistente. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020143 http://www.securityfocus.com/bid/29412 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 4%CPEs: 6EXPL: 0CVE-2008-1575
https://notcve.org/view.php?id=CVE-2008-1575
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. Una vulnerabilidad no especificada en el servidor Apple Type Services (ATS) en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una fuente diseñada incorporada en un documento PDF, relacionado con una corrupción de memoria que ocurre durante la impresión. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020133 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29492 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42707 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 0CVE-2008-1576
https://notcve.org/view.php?id=CVE-2008-1576
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. Mail en Apple Mac OS X versiones anteriores a 10.5, cuando un servidor IPv6 SMTP es usado, no inicializa correctamente la memoria, lo que podría permitir a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) u obtener información confidencial (contenido de la memoria ) en circunstancias oportunistas, mediante el envío de un mensaje de correo electrónico. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020140 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29500 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42723 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 3%CPEs: 8EXPL: 0CVE-2008-1032
https://notcve.org/view.php?id=CVE-2008-1032
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un tipo de contenido de (1) Automator, (2) Help, (3) Safari o (4) Terminal para un objeto descargable, que no activa un mensaje de advertencia "potentially unsafe" en (a) la funcionalidad Download Validation en Mac OS X versión 10.4 o (b) la funcionalidad Quarantine en Mac OS X versión 10.5. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020137 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29481 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42711 •
CVSS: 9.3EPSS: 4%CPEs: 5EXPL: 0CVE-2008-1034
https://notcve.org/view.php?id=CVE-2008-1034
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow. Un desbordamiento de enteros en Help Viewer en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una URL help:topic que desencadena un desbordamiento de búfer. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020138 http://www.kb.cert.org/vuls/id/566875 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29483 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42716 • CWE-189: Numeric Errors •