CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0056
https://notcve.org/view.php?id=CVE-2008-0056
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. Desbordamiento de búfer basado en pila en Foundation de Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto ejecutar código de su elección a través de "un nombre de ruta largo con una estructura inesperada" que dispara el desbordamiento en NSFileManager. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28357 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 11%CPEs: 2EXPL: 0CVE-2008-0058
https://notcve.org/view.php?id=CVE-2008-0058
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. Condición de carrera en la funcionalidad de gestión de cache NSURLConnection en Foundation de Apple Mac OS X 10.4.11, permite a atacantes remotos ejecutar código de su elección a través de manipulaciones no especificadas que provocan que los mensajes sean enviados a un objeto no asignado. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28359 http://www.securitytracker.com/id?1019650 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41297 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0052
https://notcve.org/view.php?id=CVE-2008-0052
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. CoreServices en Apple Mac OS X 10.4.11 trata los ficheros con extensión .ief como de tipo seguro, lo cual permite a atacantes remotos forzar a usuarios de Safari abrir un fichero .ief en AppleWorks, aun cuando la preferencia "Apertura Segura" de ficheros este seleccionada. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28384 http://www.securitytracker.com/id?1019671 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41312 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 2%CPEs: 2EXPL: 0CVE-2008-0054
https://notcve.org/view.php?id=CVE-2008-0054
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. Foundation en Apple Mac OS X 10.4.11 podría permitir a atacantes dependientes del contexto ejecutar código de su elección a través de un nombre de selector mal formado a la API NSSelectorFromString, lo que provoca que se utilice "unexpected selector". • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28341 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41355 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0999
https://notcve.org/view.php?id=CVE-2008-0999
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. Apple Mac OS X 10.5.2 permite a atacantes con la ayuda del usuario provocar una denegación de servicio (caída) a través de una imagen de disco manipulada de un Formato de Disco Universal (Universal Disc Format - UDF) que induce una referencia a un puntero nulo. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28389 http://www.securitytracker.com/id?1019669 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41280 • CWE-20: Improper Input Validation •