CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2008-3609
https://notcve.org/view.php?id=CVE-2008-3609
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. kernel en Apple Mac OS X 10.5 a la 10.5.4 no limpia adecuadamente las credenciales cacheadas durante el reciclaje (también conocido como purgado) de un "vnode", lo que permite a usuarios locales evitar los permisos de lectura y escritura establecidos de manera previa. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020877 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45169 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 12EXPL: 0CVE-2008-2305
https://notcve.org/view.php?id=CVE-2008-2305
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." Desbordamiento de búfer basado en montículo en Apple Type Services (ATS) en Apple Mac OS X 10.4.11 y 10.5 a la v10.5.4, permite a atacantes remotos ejecutar código de su elección a través de un documento que contiene un tipo de fuente manipulado, relacionado con "PostScript font names." (Nombres de fuentes postscript) • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020873 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45162 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 12EXPL: 0CVE-2008-3621
https://notcve.org/view.php?id=CVE-2008-3621
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. VideoConference en Apple Mac OS X 10.4.11 y 10.5 a la v 10.5.4, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código de su elección a través de vectores involucrados con el codec/encoder H.264. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020885 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45177 • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2330
https://notcve.org/view.php?id=CVE-2008-2330
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." slapconfig en Directory Services en Apple Mac OS X 10.5 a la v10.5.4, permite a usuarios locales seleccionar un fichero con permisos de lectura de salida en el que ha sido escrito la contraseña del servidor mediante el administrador de sistema OpenLDAP, relacionado con la función "mkfifo", también conocido como "cuestión insegura de operación con fichero"(insecure file operation issue). • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020874 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2331
https://notcve.org/view.php?id=CVE-2008-2331
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. Finder en Apple Mac OS X 10.5 a la 10.5.4 no actualiza adecuadamente los permisos en la ventana "Get Info" después de una operación "Lock" (bloqueada) que modifica los permisos de Sharing & Permissions en el sistema de ficheros, lo que permite a usuarios locales aprovechar permisos débiles que no han sido previstos por el administrador. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020875 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45165 • CWE-264: Permissions, Privileges, and Access Controls •