
CVE-2008-4224
https://notcve.org/view.php?id=CVE-2008-4224
17 Dec 2008 — UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. UDF en Apple Mac OS X anterior a v10.5.6, permite a atacantes asistidos por el usuario local provocar una denegación del servicio (caída del sistema) a través de un volumen UDF mal formado en un fichero ISO manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-20: Improper Input Validation •

CVE-2008-4217
https://notcve.org/view.php?id=CVE-2008-4217
17 Dec 2008 — Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •

CVE-2008-4220
https://notcve.org/view.php?id=CVE-2008-4220
17 Dec 2008 — Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Desbordamiento de entero en el API inet_net_pton de Libsystem de Apple Mac OS X anterior a v10.5.6, permite a atacantes depe... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •

CVE-2008-4223
https://notcve.org/view.php?id=CVE-2008-4223
17 Dec 2008 — Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. Podcast Producer en Apple Mac OS X v10.5 anterior a v10.5.6 permite a atacantes remotos evitar la autenticación y conseguir acceso de administrador a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-287: Improper Authentication •

CVE-2008-4237
https://notcve.org/view.php?id=CVE-2008-4237
17 Dec 2008 — Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. Managed Client en Apple Mac OS X anterior a v10.5.6 a veces no identifica los parámetros de configuración de un sistema cuando instala a través de un cliente, lo que permite a atacantes dependientes del contexto producir un imp... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html •

CVE-2008-4222
https://notcve.org/view.php?id=CVE-2008-4222
17 Dec 2008 — natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. natd en network_cmds de Apple Mac OS X anterior a v10.5.6, cuando Internet Sharing está habilitado, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete TCP manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •

CVE-2008-4234
https://notcve.org/view.php?id=CVE-2008-4234
17 Dec 2008 — Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. Vulnerabilidad de lista negra incompleta en la característica Quarantine en CoreTypes en Apple Mac OS X 10.5 y versiones anteriores a 10.5.6, permite a los atacantes remotos usu... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2008-4236
https://notcve.org/view.php?id=CVE-2008-4236
17 Dec 2008 — Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. Apple Type Services (ATS) de Apple Mac OS X v10.5 anterior a 10.5.6, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una fuente manipulada insertada en un documento PDF. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •

CVE-2008-4221
https://notcve.org/view.php?id=CVE-2008-4221
17 Dec 2008 — The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. La API strptime en Libsystem en Apple Mac OS X anteriores a v10.5.6, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación o agotamiento de memoria) o ejecutar código a su elección a través de una cadena ... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •

CVE-2008-5183 – CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash
https://notcve.org/view.php?id=CVE-2008-5183
21 Nov 2008 — cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. cupsd en CUPS versión 1.3.9 y anteriores, permite a los usuarios locales, y posiblemente atacantes remotos, causar una denegación de servicio (bloqueo del demonio) mediante la adición de un gran número de Suscripciones RSS,... • https://www.exploit-db.com/exploits/7150 • CWE-476: NULL Pointer Dereference •