CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4224
https://notcve.org/view.php?id=CVE-2008-4224
17 Dec 2008 — UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. UDF en Apple Mac OS X anterior a v10.5.6, permite a atacantes asistidos por el usuario local provocar una denegación del servicio (caída del sistema) a través de un volumen UDF mal formado en un fichero ISO manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 14EXPL: 0CVE-2008-4217
https://notcve.org/view.php?id=CVE-2008-4217
17 Dec 2008 — Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4220
https://notcve.org/view.php?id=CVE-2008-4220
17 Dec 2008 — Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Desbordamiento de entero en el API inet_net_pton de Libsystem de Apple Mac OS X anterior a v10.5.6, permite a atacantes depe... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2008-4223
https://notcve.org/view.php?id=CVE-2008-4223
17 Dec 2008 — Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. Podcast Producer en Apple Mac OS X v10.5 anterior a v10.5.6 permite a atacantes remotos evitar la autenticación y conseguir acceso de administrador a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4237
https://notcve.org/view.php?id=CVE-2008-4237
17 Dec 2008 — Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. Managed Client en Apple Mac OS X anterior a v10.5.6 a veces no identifica los parámetros de configuración de un sistema cuando instala a través de un cliente, lo que permite a atacantes dependientes del contexto producir un imp... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4222
https://notcve.org/view.php?id=CVE-2008-4222
17 Dec 2008 — natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. natd en network_cmds de Apple Mac OS X anterior a v10.5.6, cuando Internet Sharing está habilitado, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete TCP manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2008-5183 – CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash
https://notcve.org/view.php?id=CVE-2008-5183
21 Nov 2008 — cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. cupsd en CUPS versión 1.3.9 y anteriores, permite a los usuarios locales, y posiblemente atacantes remotos, causar una denegación de servicio (bloqueo del demonio) mediante la adición de un gran número de Suscripciones RSS,... • https://www.exploit-db.com/exploits/7150 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-4212
https://notcve.org/view.php?id=CVE-2008-4212
10 Oct 2008 — Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. Vulnerabilidad sin especificar en rlogind en el componente rlogin en Mac OS X v10.4.11 v10.5.5 aplica entradas hosts.equiv a root a pesar de que en la documentación se indica que podría permitir a atacantes remotos evitar las restricciones de acceso establecidas. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-16: Configuration •
CVSS: 9.8EPSS: 25%CPEs: 4EXPL: 0CVE-2008-3642
https://notcve.org/view.php?id=CVE-2008-3642
10 Oct 2008 — Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. Desbordamiento de búfer en ColorSync en Mac OS X 10.4.11 y 10.5.5 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y posiblemente ejecutar arbitrariamente código a través de una imagen o un perfil ICC manipulado. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 4EXPL: 0CVE-2008-3647
https://notcve.org/view.php?id=CVE-2008-3647
10 Oct 2008 — Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. Desbordamiento de búfer en PSNormalizer en Mac OS X v10.4.11 y v10.5.5 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) y ejecutar código de su elección mediante un fichero PostScript con un comentario manipulado en un elemento "bounding... • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •