CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 3CVE-2009-1238 – Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-1238
02 Apr 2009 — Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. Condición de carrera en el interfaz HFS vfs sysctl en XNU v1228.8.20 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios loc... • https://www.exploit-db.com/exploits/8265 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 5%CPEs: 114EXPL: 3CVE-2009-1236 – Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1236
02 Apr 2009 — Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. Desbordamiento de búfer basado en pila en AppleTalk networking stack en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 permite a atacantes remotos producir una denegación de servicio (caída del sistema) a través de u... • https://www.exploit-db.com/exploits/8262 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 1%CPEs: 12EXPL: 0CVE-2008-4236
https://notcve.org/view.php?id=CVE-2008-4236
17 Dec 2008 — Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. Apple Type Services (ATS) de Apple Mac OS X v10.5 anterior a 10.5.6, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una fuente manipulada insertada en un documento PDF. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4224
https://notcve.org/view.php?id=CVE-2008-4224
17 Dec 2008 — UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. UDF en Apple Mac OS X anterior a v10.5.6, permite a atacantes asistidos por el usuario local provocar una denegación del servicio (caída del sistema) a través de un volumen UDF mal formado en un fichero ISO manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-4221
https://notcve.org/view.php?id=CVE-2008-4221
17 Dec 2008 — The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. La API strptime en Libsystem en Apple Mac OS X anteriores a v10.5.6, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación o agotamiento de memoria) o ejecutar código a su elección a través de una cadena ... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2008-4223
https://notcve.org/view.php?id=CVE-2008-4223
17 Dec 2008 — Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. Podcast Producer en Apple Mac OS X v10.5 anterior a v10.5.6 permite a atacantes remotos evitar la autenticación y conseguir acceso de administrador a través de vectores no especificados. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 6%CPEs: 14EXPL: 0CVE-2008-4217
https://notcve.org/view.php?id=CVE-2008-4217
17 Dec 2008 — Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 0CVE-2008-4234
https://notcve.org/view.php?id=CVE-2008-4234
17 Dec 2008 — Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. Vulnerabilidad de lista negra incompleta en la característica Quarantine en CoreTypes en Apple Mac OS X 10.5 y versiones anteriores a 10.5.6, permite a los atacantes remotos usu... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4237
https://notcve.org/view.php?id=CVE-2008-4237
17 Dec 2008 — Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting. Managed Client en Apple Mac OS X anterior a v10.5.6 a veces no identifica los parámetros de configuración de un sistema cuando instala a través de un cliente, lo que permite a atacantes dependientes del contexto producir un imp... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4219
https://notcve.org/view.php?id=CVE-2008-4219
17 Dec 2008 — The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. El núcleo en Apple Mac OS X versiones anteriores a 10.5.6 permite a usuarios locales provocar una denegación de servicio (bucle infinito y parada del sistema) mediante la ejecución de una aplicación que está dinámicamente enlazada a librebrías en... • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html • CWE-399: Resource Management Errors •