CVE-2008-3608
https://notcve.org/view.php?id=CVE-2008-3608
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. ImageIO en Apple Mac OS X 10.4.11 y 10.5 a la v10.5.4, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código de su elección a través de una imagen JPG manipulada con un perfill ICC embebido (incrustado). • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3276 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020876 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2 • CWE-399: Resource Management Errors •
CVE-2008-3617
https://notcve.org/view.php?id=CVE-2008-3617
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. Remote Management y Screen Sharing en Apple Mac OS X 10.5 a la v10.5.4, cuando se usa para establecer una contraseña para el visor VNC, muestra los caracteres adicionales más allá del máximo tamaño de contraseña, lo que puede facilitar a los atacantes obtener contraseñas cuyos usuarios pensaban que eran mayores. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://securitytracker.com/id?1020882 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45174 • CWE-255: Credentials Management Errors •
CVE-2008-3609
https://notcve.org/view.php?id=CVE-2008-3609
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. kernel en Apple Mac OS X 10.5 a la 10.5.4 no limpia adecuadamente las credenciales cacheadas durante el reciclaje (también conocido como purgado) de un "vnode", lo que permite a usuarios locales evitar los permisos de lectura y escritura establecidos de manera previa. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020877 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45169 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2332
https://notcve.org/view.php?id=CVE-2008-2332
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. ImageIO en Apple Mac OS X y 10.5 a la v10.5.4, permite a atacantes dependientes de contexto provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ejecución de ficheros de su elección a través de una imagen TIFF manipulada. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3276 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/31189 http://www.securitytracker.com/id?1020876 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2 • CWE-399: Resource Management Errors •
CVE-2008-3619
https://notcve.org/view.php?id=CVE-2008-3619
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. Time Machine en Apple Mac OS X 10.5 a la v10.5.4 usa permisos débiles para el acceso a los logs de la Time Machine, lo que permite a usuarios locales obtener información sensible leyendolos. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31882 http://securitytracker.com/id?1020884 http://www.securityfocus.com/bid/31189 http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.vupen.com/english/advisories/2008/2584 https://exchange.xforce.ibmcloud.com/vulnerabilities/45176 • CWE-264: Permissions, Privileges, and Access Controls •