CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4220
https://notcve.org/view.php?id=CVE-2008-4220
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Desbordamiento de entero en el API inet_net_pton de Libsystem de Apple Mac OS X anterior a v10.5.6, permite a atacantes dependientes del contexto ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores no especificados. NOTA: Puede que esté relacionado con el aviso WLB-2008080064 publicado por SecurityReason el 22-08-2008; sin embargo a 16-12-2008 no hay suficientes detalles para confirmarlo. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32877 http://www.securitytracker.com/id?1021406 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4221
https://notcve.org/view.php?id=CVE-2008-4221
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. La API strptime en Libsystem en Apple Mac OS X anteriores a v10.5.6, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación o agotamiento de memoria) o ejecutar código a su elección a través de una cadena de código de fecha manipulada, relacionada con la localización errónea de memoria • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32881 http://www.securitytracker.com/id?1021406 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 12%CPEs: 14EXPL: 0CVE-2008-4217
https://notcve.org/view.php?id=CVE-2008-4217
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32876 http://www.securitytracker.com/id?1021399 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4219
https://notcve.org/view.php?id=CVE-2008-4219
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. El núcleo en Apple Mac OS X versiones anteriores a 10.5.6 permite a usuarios locales provocar una denegación de servicio (bucle infinito y parada del sistema) mediante la ejecución de una aplicación que está dinámicamente enlazada a librebrías en un servidor NFS, relacionado con la aparición de una excepción es esta aplicación. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32873 http://www.securitytracker.com/id?1021404 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 1%CPEs: 12EXPL: 0CVE-2008-4236
https://notcve.org/view.php?id=CVE-2008-4236
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. Apple Type Services (ATS) de Apple Mac OS X v10.5 anterior a 10.5.6, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una fuente manipulada insertada en un documento PDF. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://securitytracker.com/id?1021398 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32875 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •