CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1033
https://notcve.org/view.php?id=CVE-2008-1033
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." El planificador en CUPS en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, cuando el registro de depuración está habilitado y una impresora requiere una contraseña, permite a los atacantes obtener información confidencial (credenciales) mediante la lectura los datos de registro, relacionados con "authentication environment variables." • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020145 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29484 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42713 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 24%CPEs: 9EXPL: 1CVE-2008-0599 – php: buffer overflow in a CGI path translation
https://notcve.org/view.php?id=CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario a través de una URI manipulada. • http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/30048 http://secunia.com/advisories/30083 http:/ • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.8EPSS: 8%CPEs: 8EXPL: 0CVE-2008-1026 – Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-1026
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. Desbordamiento de entero en el compilador de expresiones regulares PCRE (JavaScriptCore/pcre/pcre_compile.cpp) en Apple WebKit, como se utiliza en Safari en versiones anteriores a 3.1.1, permite a atacantes remotos ejecutar código arbitrario a través de expresiones regulares con grandes conteos de repetición anidados, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html http://secunia.com/advisories/29846 http://secunia.com/advisories/31074 http://securityreason.com/securityalert/3815 http://support.apple.com/kb/HT1467 http://www.securityfocus.com/archive/1/490990/100/0/threaded http://www.securityfocus.com/bid/28815 http://www.securitytracker.com/id?1019870 http://www.vupen.com/english/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 19EXPL: 0CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Uninitialized stack values." • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29423 http://secunia.com/advisories/29424 http://secunia.com/advisories/29428 http://secunia.com/advisories/29435 http://secunia.com/advisories/29438 http://secunia.com/advisories/29450 http://secunia.com/advisories/2 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0055
https://notcve.org/view.php?id=CVE-2008-0055
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. Foundation en Apple Mac OS X 10.4.11 crea directorios "world-writable" mientras NSFileManager copia archivos progresivamente y modifica los permisos después, esto permite a usuarios locales modificar los archivos copiados lo que provoca una denegación de servicio y posiblemente, una elevación de privilegios. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28343 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41299 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •