CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
11 Aug 2009 — Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto p... • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 54%CPEs: 22EXPL: 0CVE-2009-1726
https://notcve.org/view.php?id=CVE-2009-1726
06 Aug 2009 — Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. Desbordamiento de búfer basado en memoria dinámica en ColorSync en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen manipu... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 15%CPEs: 44EXPL: 0CVE-2009-1728
https://notcve.org/view.php?id=CVE-2009-1728
06 Aug 2009 — Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. Desbordamiento de Pila basado en búfer en Image RAW en Apple Mac OS X v10.5 anterior a v10.5.8, y v10.4 anterior a Digital Camera RAW Compatibility Update v2.6(actualización de compatibilidad con cámara digital RAW v2.6), permite a atacantes ... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 6%CPEs: 8EXPL: 0CVE-2009-2191
https://notcve.org/view.php?id=CVE-2009-2191
06 Aug 2009 — Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Vulnerabilidad de formato de cadena en la ventana de inicio de sesión (Login Window) en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.8 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de especificadores ... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 31%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
09 Jun 2009 — The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegació... • https://www.exploit-db.com/exploits/33020 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 7%CPEs: 16EXPL: 0CVE-2009-0944
https://notcve.org/view.php?id=CVE-2009-0944
13 May 2009 — The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. Microsoft Office Spotlight Importer en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no valida adecuadamente los archivos de Microsoft Office, lo cual permite a atacantes remotos ejecutar código arbitrario... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 2%CPEs: 16EXPL: 0CVE-2009-0156
https://notcve.org/view.php?id=CVE-2009-0156
13 May 2009 — Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. Launch Services en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos provocar una denegación de servicio (cuelgue persistente de Finder) a través de un ejecutable elaborado "Mach-O" que desencadena una lectura fuera de los límites de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2009-0943
https://notcve.org/view.php?id=CVE-2009-0943
13 May 2009 — Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anteriores a v10.5.7 no verifica que las rutas HTML esten localizadas en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: la que desencadena... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0149
https://notcve.org/view.php?id=CVE-2009-0149
13 May 2009 — Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco (disperso) elaborado lo cual provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 9%CPEs: 16EXPL: 0CVE-2009-0158
https://notcve.org/view.php?id=CVE-2009-0158
13 May 2009 — Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. Desbordamiento de búfer basado en pila en telnet en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un nombre de host largo para un servidor telnet. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •