CVE-2008-1573
- EPSS 2.14%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:52:00
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
CVE-2008-1574
- EPSS 6.72%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:52:00
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
CVE-2008-1575
- EPSS 5.8%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:52:00
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that oc...
CVE-2008-1577
- EPSS 5.8%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:52:00
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memo...
CVE-2008-1578
- EPSS 0.37%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:52:00
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
- EPSS 2.83%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:52:01
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
- EPSS 10.92%
- Veröffentlicht 05.05.2008 17:20:00
- Zuletzt bearbeitet 16.06.2026 22:49:57
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-0063
- EPSS 3.48%
- Veröffentlicht 19.03.2008 10:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:51
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
CVE-2008-0052
- EPSS 2.07%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:49
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
CVE-2008-0054
- EPSS 4.56%
- Veröffentlicht 18.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:48:50
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.