| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0948 | 0.01 | — | 0.07 | Mar 19, 2008 | Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a… | |||
| CVE-2008-1001 | 0.00 | — | 0.01 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | |||
| CVE-2008-1002 | 0.00 | — | 0.03 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. | |||
| CVE-2008-1003 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. | |||
| CVE-2008-1004 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. | |||
| CVE-2008-1005 | 0.00 | — | 0.00 | Mar 19, 2008 | WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. | |||
| CVE-2008-1006 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. | |||
| CVE-2008-1007 | 0.00 | — | 0.03 | Mar 19, 2008 | WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||
| CVE-2008-1008 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. | |||
| CVE-2008-1009 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. | |||
| CVE-2008-1010 | 0.00 | — | 0.05 | Mar 19, 2008 | Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | |||
| CVE-2008-1011 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. | |||
| CVE-2008-0047 | 0.01 | — | 0.07 | Mar 18, 2008 | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | |||
| CVE-2008-0052 | 0.00 | — | 0.02 | Mar 18, 2008 | CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | |||
| CVE-2008-0053 | 0.01 | — | 0.08 | Mar 18, 2008 | Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. | |||
| CVE-2008-0054 | 0.00 | — | 0.05 | Mar 18, 2008 | Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | |||
| CVE-2008-0055 | 0.00 | — | 0.00 | Mar 18, 2008 | Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||
| CVE-2008-0056 | 0.00 | — | 0.04 | Mar 18, 2008 | Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | |||
| CVE-2008-0058 | 0.00 | — | 0.03 | Mar 18, 2008 | Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||
| CVE-2008-0059 | 0.00 | — | 0.02 | Mar 18, 2008 | Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | |||
| CVE-2008-0060 | 0.00 | — | 0.02 | Mar 18, 2008 | Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | |||
| CVE-2008-0987 | 0.00 | — | 0.05 | Mar 18, 2008 | Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. | |||
| CVE-2008-0988 | 0.00 | — | 0.02 | Mar 18, 2008 | Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. | |||
| CVE-2008-0989 | 0.00 | — | 0.00 | Mar 18, 2008 | Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | |||
| CVE-2008-0990 | 0.00 | — | 0.00 | Mar 18, 2008 | notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | |||
| CVE-2008-0992 | 0.00 | — | 0.03 | Mar 18, 2008 | Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. | |||
| CVE-2008-0993 | 0.00 | — | 0.00 | Mar 18, 2008 | Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||
| CVE-2008-0994 | 0.00 | — | 0.01 | Mar 18, 2008 | Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | |||
| CVE-2008-0995 | 0.00 | — | 0.02 | Mar 18, 2008 | The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. | |||
| CVE-2008-0996 | 0.00 | — | 0.00 | Mar 18, 2008 | The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. | |||
| CVE-2008-0998 | 0.00 | — | 0.00 | Mar 18, 2008 | Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | |||
| CVE-2008-0999 | 0.00 | — | 0.03 | Mar 18, 2008 | Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | |||
| CVE-2008-1000 | 0.03 | — | 0.03 | Mar 18, 2008 | Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | |||
| CVE-2008-0044 | 0.00 | — | 0.04 | Mar 18, 2008 | Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. | |||
| CVE-2008-0045 | 0.00 | — | 0.02 | Mar 18, 2008 | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | |||
| CVE-2008-0046 | 0.00 | — | 0.02 | Mar 18, 2008 | The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and… | |||
| CVE-2008-0048 | 0.00 | — | 0.04 | Mar 18, 2008 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. | |||
| CVE-2008-0049 | 0.00 | — | 0.00 | Mar 18, 2008 | AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||
| CVE-2008-0050 | 0.00 | — | 0.02 | Mar 18, 2008 | CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||
| CVE-2008-0051 | 0.00 | — | 0.00 | Mar 18, 2008 | Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||
| CVE-2008-0057 | 0.00 | — | 0.03 | Mar 18, 2008 | Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. | |||
| CVE-2008-0997 | 0.00 | — | 0.04 | Mar 18, 2008 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when… | |||
| CVE-2008-1383 | 0.00 | — | 0.00 | Mar 18, 2008 | The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | |||
| CVE-2008-1372 | 0.00 | — | 0.05 | Mar 18, 2008 | bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||
| CVE-2008-1330 | 0.00 | — | 0.01 | Mar 18, 2008 | Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker. | |||
| CVE-2008-1369 | 0.00 | — | 0.03 | Mar 18, 2008 | A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2008-1370 | 0.03 | — | 0.02 | Mar 18, 2008 | PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-1371 | 0.03 | — | 0.02 | Mar 18, 2008 | Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from… | |||
| CVE-2008-0727 | 0.00 | — | 0.05 | Mar 18, 2008 | Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. | |||
| CVE-2008-0949 | 0.00 | — | 0.03 | Mar 18, 2008 | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. |
- CVE-2008-0948Mar 19, 2008risk 0.01cvss —epss 0.07
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a…
- CVE-2008-1001Mar 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
- CVE-2008-1002Mar 19, 2008risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
- CVE-2008-1003Mar 19, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
- CVE-2008-1004Mar 19, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
- CVE-2008-1005Mar 19, 2008risk 0.00cvss —epss 0.00
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
- CVE-2008-1006Mar 19, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
- CVE-2008-1007Mar 19, 2008risk 0.00cvss —epss 0.03
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
- CVE-2008-1008Mar 19, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
- CVE-2008-1009Mar 19, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
- CVE-2008-1010Mar 19, 2008risk 0.00cvss —epss 0.05
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
- CVE-2008-1011Mar 19, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
- CVE-2008-0047Mar 18, 2008risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
- CVE-2008-0052Mar 18, 2008risk 0.00cvss —epss 0.02
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
- CVE-2008-0053Mar 18, 2008risk 0.01cvss —epss 0.08
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
- CVE-2008-0054Mar 18, 2008risk 0.00cvss —epss 0.05
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
- CVE-2008-0055Mar 18, 2008risk 0.00cvss —epss 0.00
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
- CVE-2008-0056Mar 18, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
- CVE-2008-0058Mar 18, 2008risk 0.00cvss —epss 0.03
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
- CVE-2008-0059Mar 18, 2008risk 0.00cvss —epss 0.02
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
- CVE-2008-0060Mar 18, 2008risk 0.00cvss —epss 0.02
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
- CVE-2008-0987Mar 18, 2008risk 0.00cvss —epss 0.05
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
- CVE-2008-0988Mar 18, 2008risk 0.00cvss —epss 0.02
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
- CVE-2008-0989Mar 18, 2008risk 0.00cvss —epss 0.00
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
- CVE-2008-0990Mar 18, 2008risk 0.00cvss —epss 0.00
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
- CVE-2008-0992Mar 18, 2008risk 0.00cvss —epss 0.03
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
- CVE-2008-0993Mar 18, 2008risk 0.00cvss —epss 0.00
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.
- CVE-2008-0994Mar 18, 2008risk 0.00cvss —epss 0.01
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
- CVE-2008-0995Mar 18, 2008risk 0.00cvss —epss 0.02
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
- CVE-2008-0996Mar 18, 2008risk 0.00cvss —epss 0.00
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
- CVE-2008-0998Mar 18, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
- CVE-2008-0999Mar 18, 2008risk 0.00cvss —epss 0.03
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
- CVE-2008-1000Mar 18, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
- CVE-2008-0044Mar 18, 2008risk 0.00cvss —epss 0.04
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.
- CVE-2008-0045Mar 18, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
- CVE-2008-0046Mar 18, 2008risk 0.00cvss —epss 0.02
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and…
- CVE-2008-0048Mar 18, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.
- CVE-2008-0049Mar 18, 2008risk 0.00cvss —epss 0.00
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
- CVE-2008-0050Mar 18, 2008risk 0.00cvss —epss 0.02
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
- CVE-2008-0051Mar 18, 2008risk 0.00cvss —epss 0.00
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
- CVE-2008-0057Mar 18, 2008risk 0.00cvss —epss 0.03
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.
- CVE-2008-0997Mar 18, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when…
- CVE-2008-1383Mar 18, 2008risk 0.00cvss —epss 0.00
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
- CVE-2008-1372Mar 18, 2008risk 0.00cvss —epss 0.05
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
- CVE-2008-1330Mar 18, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
- CVE-2008-1369Mar 18, 2008risk 0.00cvss —epss 0.03
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.
- CVE-2008-1370Mar 18, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-1371Mar 18, 2008risk 0.03cvss —epss 0.02
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from…
- CVE-2008-0727Mar 18, 2008risk 0.00cvss —epss 0.05
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
- CVE-2008-0949Mar 18, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.