CVE-2008-2308
https://notcve.org/view.php?id=CVE-2008-2308
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. Vulnerabilidad sin especificar en Alias Manager en Apple Mac OS X 10.5.1 y versiones anteriores sobre plataformas Intel, permite a usuarios locales obtener provilegios o provocar una denegación de servicio (caída de aplicación o corrupción de memoria) resolviendo un alias que contiene una información AFP manipulada del volumen montado. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020390 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43474 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-1578
https://notcve.org/view.php?id=CVE-2008-1578
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. El programa sso_util en Single Sign-On en Apple Mac OS X versiones anteriores a 10.5.3, coloca las contraseñas en la línea de comando, lo que permite a los usuarios locales obtener información confidencial mediante la enumeración de los procesos. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020142 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29520 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42725 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-1027
https://notcve.org/view.php?id=CVE-2008-1027
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Filing Protocol (AFP) Server en Apple Mac OS X versiones anteriores a 10.5.3, no comprueba que los archivos y directorios solicitados estén dentro de carpetas compartidas, lo que permite a los atacantes remotos leer archivos arbitrarios por medio de tráfico AFP no especificado. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020130 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29490 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42703 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-1028
https://notcve.org/view.php?id=CVE-2008-1028
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. Una vulnerabilidad no especificada en AppKit en Apple Mac OS X versiones anteriores a 10.5, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un archivo de documento especialmente diseñado, como es demostrado al abrir el documento con TextEdit. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020131 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29487 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42705 • CWE-20: Improper Input Validation •
CVE-2008-1030
https://notcve.org/view.php?id=CVE-2008-1030
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función CFDataReplaceBytes en la API CFData en CoreFoundation en Apple Mac OS X versiones anteriores a 10.5.3, permite a los atacantes dependiendo del contexto ejecutar código arbitrario o causar una denegación de servicio (bloqueo) por medio de un argumento de longitud no válida, lo que desencadena un desbordamiento de búfer en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020135 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29491 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42709 • CWE-20: Improper Input Validation •