CVSS: 4.4EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2314
https://notcve.org/view.php?id=CVE-2008-2314
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. Dock en Apple Mac OS X 10.5 anterior a la versión 10.5.4, cuando las zonas activas de Exposé están habilitadas, permite a los atacantes físicamente próximos obtener acceso a una sesión bloqueada en (1) modo de suspensión o (2) modo de protector de pantalla a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020395 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43497 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2308
https://notcve.org/view.php?id=CVE-2008-2308
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Vulnerabilidad sin especificar en Alias Manager en Apple Mac OS X 10.5.1 y versiones anteriores sobre plataformas Intel, permite a usuarios locales obtener provilegios o provocar una denegación de servicio (caída de aplicación o corrupción de memoria) resolviendo un alias que contiene una información AFP manipulada del volumen montado. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020390 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43474 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0CVE-2008-1578
https://notcve.org/view.php?id=CVE-2008-1578
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. El programa sso_util en Single Sign-On en Apple Mac OS X versiones anteriores a 10.5.3, coloca las contraseñas en la línea de comando, lo que permite a los usuarios locales obtener información confidencial mediante la enumeración de los procesos. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020142 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29520 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42725 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2008-1027
https://notcve.org/view.php?id=CVE-2008-1027
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Filing Protocol (AFP) Server en Apple Mac OS X versiones anteriores a 10.5.3, no comprueba que los archivos y directorios solicitados estén dentro de carpetas compartidas, lo que permite a los atacantes remotos leer archivos arbitrarios por medio de tráfico AFP no especificado. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020130 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29490 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42703 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0CVE-2008-1028
https://notcve.org/view.php?id=CVE-2008-1028
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. Una vulnerabilidad no especificada en AppKit en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un archivo de documento especialmente diseñado, como es demostrado al abrir el documento con TextEdit. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020131 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29487 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42705 • CWE-20: Improper Input Validation •