CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 1CVE-2008-5183 – CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash
https://notcve.org/view.php?id=CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. cupsd en CUPS versión 1.3.9 y anteriores, permite a los usuarios locales, y posiblemente atacantes remotos, causar una denegación de servicio (bloqueo del demonio) mediante la adición de un gran número de Suscripciones RSS, que desencadena una desreferencia de puntero NULL. NOTA: este problema puede ser desencadenado remotamente mediante el aprovechamiento de CVE-2008-5184. • https://www.exploit-db.com/exploits/7150 http://lab.gnucitizen.org/projects/cups-0day http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/33937 http://secunia.com/advisories/43521 http://support.apple.com/kb/HT3438 http://www.debian.org/security/2011/dsa-2176 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups http://www.mandriva.com/security/adviso • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3645
https://notcve.org/view.php?id=CVE-2008-3645
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. Desbordamiento de búfer basado en montículo en en el componente IPC local de el plugin de EAPOLController para configd (Componente de red) en Mac OS X 10.4.11 y 10.5.5 que permite a usuarios locales ejecutar código a su elección a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31711 http://www.securitytracker.com/id?1021025 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45781 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 23EXPL: 0CVE-2008-4211
https://notcve.org/view.php?id=CVE-2008-4211
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." Un error en la propiedad signedness de enteros en (1) QuickLook en Mac OS X versión 10.5.5 de Apple y (2) Office Viewer en iPhone OS de Apple versiones 1.0 hasta 2.1 y iPhone OS para iPod touch versiones 1.1 hasta 2.1, permite a los atacantes remotos causar una denegación de servicio (terminación de aplicación) y ejecutar código arbitrario por medio de un archivo de Microsoft Excel diseñado que desencadena un acceso de memoria fuera de límites, relacionado con el "handling of columns”. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31707 http://www.securitytracker.com/id?1021027 http://www.vupen.com/english/advisories/2008/2780 http://www.vupen& • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-3646
https://notcve.org/view.php?id=CVE-2008-3646
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. El fichero de configuración de Postfix en Mac OS X 10.5.5 produce que Postfix sea accesible a traves de la red cuando se envia un correo electronico desde una linea de comandos local, lo que permite a atacantes remotos enviar un mail a usuarios locales de Mac OS X. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31721 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45876 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3647
https://notcve.org/view.php?id=CVE-2008-3647
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. Desbordamiento de búfer en PSNormalizer en Mac OS X v10.4.11 y v10.5.5 permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) y ejecutar código de su elección mediante un fichero PostScript con un comentario manipulado en un elemento "bounding box". • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://support.apple.com/kb/HT3216 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31719 http://www.securitytracker.com/id?1021026 http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/45783 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •