CVE-2008-0052
- EPSS 2.07%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:49
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
CVE-2008-0054
- EPSS 4.56%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:50
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
CVE-2008-0055
- EPSS 0.27%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:50
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibl...
CVE-2008-0056
- EPSS 3.65%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:50
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
CVE-2008-0058
- EPSS 2.9%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:50
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
CVE-2008-0059
- EPSS 2.35%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:50
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
CVE-2008-0060
- EPSS 2.07%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
CVE-2008-0988
- EPSS 1.65%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:44
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
CVE-2008-0989
- EPSS 0.44%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:44
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
CVE-2008-0990
- EPSS 0.34%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:44
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving...