
CVSS: 4.3 | EPSS: 20% | CPEs: 1 | EXPL: 2

Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier.

• https://www.exploit-db.com/exploits/31620
• http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
• http://secunia.com/advisories/30430
• http://www.coresecurity.com/?action=item&id=2219
• http://www.securityfocus.com/archive/1/492414/100/0/threaded
• http://www.securityfocus.com/archive/1/492638/100/100/threaded
• http://www.securityfocus.com/archive/1/492682/100/0/threaded
• http://www.securityfocus.com/bid/28633
• http://www.securityfocus.com/bid/29412
• http:
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.3 | EPSS: 8% | CPEs: 2 | EXPL: 4

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.

• https://www.exploit-db.com/exploits/31619
• https://www.exploit-db.com/exploits/31613
• http://securityreason.com/securityalert/3901
• http://www.coresecurity.com/?action=item&id=2219
• http://www.securityfocus.com/archive/1/492414/100/0/threaded
• http://www.securityfocus.com/archive/1/492638/100/100/threaded
• http://www.securityfocus.com/archive/1/492682/100/0/threaded
• http://www.securityfocus.com/bid/28629
• http://www.securityfocus.com/bid/28632
• http://www.securitytracker.com/id
• CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.

• http://lists.apple.com/archives/security-announce//2004/Nov/msg00000.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18209