CVSS: 9.3EPSS: 14%CPEs: 8EXPL: 0CVE-2008-1574
https://notcve.org/view.php?id=CVE-2008-1574
02 Jun 2008 — Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. Un desbordamiento de enteros en ImageIO en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JPEG2000 diseñada que desencadena un desbordamie... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 5%CPEs: 9EXPL: 0CVE-2008-1036 – ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
https://notcve.org/view.php?id=CVE-2008-1036
02 Jun 2008 — The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. La biblioteca International Components for Unicode (ICU) en Apple Mac OS X versiones anteriores a 10.5.3, Red Hat Enterprise Linux versión 5 y otros sistemas operativos, omite algunas secuencias de ca... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0CVE-2008-1028
https://notcve.org/view.php?id=CVE-2008-1028
02 Jun 2008 — Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. Una vulnerabilidad no especificada en AppKit en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de ... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1571
https://notcve.org/view.php?id=CVE-2008-1571
02 Jun 2008 — Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. Una vulnerabilidad de salto de directorio en el servidor web incorporado en Image Capture en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos leer archivos arbitrarios por medio de secuencias de salto de directorio en el URI. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1579
https://notcve.org/view.php?id=CVE-2008-1579
02 Jun 2008 — Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. Wiki Server en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos obtener información confidencial (nombres de usuario) mediante la lectura del mensaje de error producido al acceder a un blog inexistente. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2008-1575
https://notcve.org/view.php?id=CVE-2008-1575
02 Jun 2008 — Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. Una vulnerabilidad no especificada en el servidor Apple Type Services (ATS) en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una fuente di... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1033
https://notcve.org/view.php?id=CVE-2008-1033
02 Jun 2008 — The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." El planificador en CUPS en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, cuando el registro de depuración está habilitado y una impresora requiere una contraseña, permite a los atacantes obtener información confidencial (credenciales) mediante... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2008-1032
https://notcve.org/view.php?id=CVE-2008-1032
02 Jun 2008 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Una vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X versiones anteriores a 10.... • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html •
CVSS: 10.0EPSS: 70%CPEs: 9EXPL: 1CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
05 May 2008 — The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario... • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 12%CPEs: 8EXPL: 0CVE-2008-1026 – Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1026
16 Apr 2008 — Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. Desbordamiento de entero en el compilador de expresiones regulares PCRE (JavaScriptCore/pcre/pcre_compile.cpp) en Apple WebKit, como se utiliza en Safari en versiones anteriores a 3.1.1, permite a atacantes re... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •