CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0CVE-2008-3634
https://notcve.org/view.php?id=CVE-2008-3634
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. Aplicación Itunes anterior a la v8 sobre Mac OS X 10.4.11, cuando iTunes Sharing se encuentra habilitado pero bloqueado por el cortafuegos del sistema, muestra información falsa (engañosa) sobre la seguridad del cortafuegos. Esto podría ser aprovechado por atacantes remotos. El administrador no obviaría esta cuestión si se le diera mejor información al respecto. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securitytracker.com/id?1020840 http://www.securityfocus.com/bid/31090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2008-2320
https://notcve.org/view.php?id=CVE-2008-2320
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. Un desbordamiento de búfer en la región stack de la memoria en CarbonCore en Mac OS X versiones 10.4.11 y 10.5.4, iPhone OS versiones 1.0 hasta 2.2.1, y iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, de Apple, permite a los atacantes dependiendo del contexto ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un nombre de archivo largo en la API de administración de archivos. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31326 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/archive/1/495040/100/0/threaded http://www.securityfocus.com/bid/30483 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2324
https://notcve.org/view.php?id=CVE-2008-2324
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. La herramienta Repair Permissions de Disk Utility en Apple Mac OS X 10.4.11, añade el bit setuid al archivo ejecutable emacs, lo cual permite a los usuarios locales obtener privilegios ejecutando comandos sin emacs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://secunia.com/advisories/31326 http://www.securityfocus.com/bid/30483 http://www.securityfocus.com/bid/30492 http://www.securitytracker.com/id?1020605 http://www.vupen.com/english/advisories/2008/2268 https://exchange.xforce.ibmcloud.com/vulnerabilities/44132 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 14%CPEs: 5EXPL: 1CVE-2008-2321 – Apple Mac OSX 10.x - CoreGraphics Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2321
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." Vulnerabilidad no especificada en CoreGraphics de Apple Mac OS X 10.4.11 and 10.5.4, permite a atacantes ejecutar código arbitrariamente o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores desconocidos que implican el "procesado de argumentos" • https://www.exploit-db.com/exploits/32136 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31326 http://secunia.com/advisories/32756 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3318 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/30483 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0CVE-2008-2325
https://notcve.org/view.php?id=CVE-2008-2325
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking." QuickLook en Apple Mac OS X 10.4.11 y 10.5.4, permite a atacantes remotos ejecutar código arbitrariamente o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo de Microsoft Office, relacionado con la "comprobación de límite" insuficiente. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://secunia.com/advisories/31326 http://www.securityfocus.com/bid/30483 http://www.securityfocus.com/bid/30493 http://www.securitytracker.com/id?1020607 http://www.vupen.com/english/advisories/2008/2268 https://exchange.xforce.ibmcloud.com/vulnerabilities/44135 • CWE-399: Resource Management Errors •