CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4220
https://notcve.org/view.php?id=CVE-2008-4220
17 Dec 2008 — Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Desbordamiento de entero en el API inet_net_pton de Libsystem de Apple Mac OS X anterior a v10.5.6, permite a atacantes depe... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 14EXPL: 0CVE-2008-4217
https://notcve.org/view.php?id=CVE-2008-4217
17 Dec 2008 — Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 0CVE-2008-4234
https://notcve.org/view.php?id=CVE-2008-4234
17 Dec 2008 — Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. Vulnerabilidad de lista negra incompleta en la característica Quarantine en CoreTypes en Apple Mac OS X 10.5 y versiones anteriores a 10.5.6, permite a los atacantes remotos usu... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4219
https://notcve.org/view.php?id=CVE-2008-4219
17 Dec 2008 — The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. El núcleo en Apple Mac OS X versiones anteriores a 10.5.6 permite a usuarios locales provocar una denegación de servicio (bucle infinito y parada del sistema) mediante la ejecución de una aplicación que está dinámicamente enlazada a librebrías en... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4237
https://notcve.org/view.php?id=CVE-2008-4237
17 Dec 2008 — Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. Managed Client en Apple Mac OS X anterior a v10.5.6 a veces no identifica los parámetros de configuración de un sistema cuando instala a través de un cliente, lo que permite a atacantes dependientes del contexto producir un imp... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2008-5183 – CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash
https://notcve.org/view.php?id=CVE-2008-5183
21 Nov 2008 — cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. cupsd en CUPS versión 1.3.9 y anteriores, permite a los usuarios locales, y posiblemente atacantes remotos, causar una denegación de servicio (bloqueo del demonio) mediante la adición de un gran número de Suscripciones RSS,... • https://www.exploit-db.com/exploits/7150 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 83%CPEs: 15EXPL: 1CVE-2008-3529 – Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
https://notcve.org/view.php?id=CVE-2008-3529
12 Sep 2008 — Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su ... • https://www.exploit-db.com/exploits/8798 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 2%CPEs: 37EXPL: 0CVE-2008-3629
https://notcve.org/view.php?id=CVE-2008-3629
10 Sep 2008 — Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. Apple QuickTime anterior a 7.5.5 , permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación), a través de una imagen PICT manipulada que induce una lectura fuera de rango. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 9%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
06 Aug 2008 — Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3438
https://notcve.org/view.php?id=CVE-2008-3438
01 Aug 2008 — Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple Mac OS X no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, como se demuestra por el grado de daño y el envenenam... • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html • CWE-494: Download of Code Without Integrity Check •