CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4220
https://notcve.org/view.php?id=CVE-2008-4220
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Desbordamiento de entero en el API inet_net_pton de Libsystem de Apple Mac OS X anterior a v10.5.6, permite a atacantes dependientes del contexto ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores no especificados. NOTA: Puede que esté relacionado con el aviso WLB-2008080064 publicado por SecurityReason el 22-08-2008; sin embargo a 16-12-2008 no hay suficientes detalles para confirmarlo. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32877 http://www.securitytracker.com/id?1021406 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4224
https://notcve.org/view.php?id=CVE-2008-4224
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. UDF en Apple Mac OS X anterior a v10.5.6, permite a atacantes asistidos por el usuario local provocar una denegación del servicio (caída del sistema) a través de un volumen UDF mal formado en un fichero ISO manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32872 http://www.securitytracker.com/id?1021410 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 1%CPEs: 12EXPL: 0CVE-2008-4236
https://notcve.org/view.php?id=CVE-2008-4236
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. Apple Type Services (ATS) de Apple Mac OS X v10.5 anterior a 10.5.6, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una fuente manipulada insertada en un documento PDF. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://securitytracker.com/id?1021398 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32875 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 1CVE-2008-5183 – CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash
https://notcve.org/view.php?id=CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. cupsd en CUPS versión 1.3.9 y anteriores, permite a los usuarios locales, y posiblemente atacantes remotos, causar una denegación de servicio (bloqueo del demonio) mediante la adición de un gran número de Suscripciones RSS, que desencadena una desreferencia de puntero NULL. NOTA: este problema puede ser desencadenado remotamente mediante el aprovechamiento de CVE-2008-5184. • https://www.exploit-db.com/exploits/7150 http://lab.gnucitizen.org/projects/cups-0day http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/33937 http://secunia.com/advisories/43521 http://support.apple.com/kb/HT3438 http://www.debian.org/security/2011/dsa-2176 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups http://www.mandriva.com/security/adviso • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-2310
https://notcve.org/view.php?id=CVE-2008-2310
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Vulnerabilidad de formato de cadena en c++filt en Apple Mac OS X 10.5 anterior a la v10.5.4, permite a atacantes asistidos por el usuario ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una cadena manipulada en código (1) C++ o (2) Java. • http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://secunia.com/advisories/30802 http://securitytracker.com/id?1020392 http://support.apple.com/kb/HT2163 http://www.securityfocus.com/bid/30018 http://www.vupen.com/english/advisories/2008/1981/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43494 • CWE-134: Use of Externally-Controlled Format String •