CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 0CVE-2009-2190
https://notcve.org/view.php?id=CVE-2009-2190
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. launchd en Apple Mac OS X v10.5 anterior a v10.5.8 permite a atacantes remotos provocar una denegación de servicio (corte de servicio individual) haciendo muchas conexiones a un servicio lanzado basado en inetd-based. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56841 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.securitytracker.com/id?1022672 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52425 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2009-2191
https://notcve.org/view.php?id=CVE-2009-2191
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Vulnerabilidad de formato de cadena en la ventana de inicio de sesión (Login Window) en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.8 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de especificadores de formato de cadena en un nombre de aplicación. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56840 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52428 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0CVE-2009-2194
https://notcve.org/view.php?id=CVE-2009-2194
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." Apple Mac OS X v10.5 anterior a v10.5.8 no comparte correctamente los descriptores de archivos sobre sockets locales, lo cual permite a usuarios locales provocar una denegación de servicio (caida del sistema) mediante la colocación de descriptores de archivo en los mensajes enviados a un socket que no tiene el receptor, relaccionado con una "incidencia de sincronización". • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56836 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.securitytracker.com/id?1022672 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52439 •
CVSS: 6.8EPSS: 2%CPEs: 19EXPL: 0CVE-2009-1727
https://notcve.org/view.php?id=CVE-2009-1727
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X v10.5 anterior a v10.5.8 hace mas fácil a atacantes remotos asistidos por usuarios ejecutar código JavaScript arbitrario a través de una pagina web que ofrece una descarga con un valor Content-Type que no esta en la lista de posibles tipos de contenido inseguros para Safari. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56844 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52420 •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2009-0151
https://notcve.org/view.php?id=CVE-2009-0151
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. El protector de pantalla en el Dock en Apple Mac OS X v10.5 anterior a v10.5.8 no previene gestos multi-tactiles cuatro-dedos (four-finger Multi-Touch), lo cual permite a atacantes próximos físicamente eludir el bloqueo y "gestionar aplicaciones o exposición al uso" a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56847 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52421 •