CVE-2008-3622
- EPSS 2.3%
- Veröffentlicht 16.09.2008 23:00:01
- Zuletzt bearbeitet 16.06.2026 22:56:10
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injecti...
CVE-2008-2305
- EPSS 5.36%
- Veröffentlicht 16.09.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:53:30
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2008-2312
- EPSS 0.34%
- Veröffentlicht 16.09.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:53:31
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
CVE-2008-2329
- EPSS 0.33%
- Veröffentlicht 16.09.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:53:33
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
CVE-2008-2330
- EPSS 0.34%
- Veröffentlicht 16.09.2008 23:00:00
- Zuletzt bearbeitet 16.06.2026 22:53:33
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "ins...
CVE-2008-2324
- EPSS 0.34%
- Veröffentlicht 04.08.2008 01:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:33
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
CVE-2008-2309
- EPSS 2.55%
- Veröffentlicht 01.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:31
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the...
CVE-2008-2310
- EPSS 2.51%
- Veröffentlicht 01.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:31
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
CVE-2008-2311
- EPSS 2.97%
- Veröffentlicht 01.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:31
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
CVE-2008-2313
- EPSS 0.32%
- Veröffentlicht 01.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:31
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.