CVSS: 10.0EPSS: 22%CPEs: 19EXPL: 0CVE-2009-2193
https://notcve.org/view.php?id=CVE-2009-2193
06 Aug 2009 — Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. Desbordamiento de búfer en el núcleo de Apple Mac OS X v10.5 anteriores a v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del sistema) a través de un paquete de respuesta AppleTalk manipulado. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2009-2194
https://notcve.org/view.php?id=CVE-2009-2194
06 Aug 2009 — Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." Apple Mac OS X v10.5 anterior a v10.5.8 no comparte correctamente los descriptores de archivos sobre sockets locales, lo cual permite a usuarios locales provocar una denegación de servicio (caida del sistema) mediante la colocación... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2009-1723
https://notcve.org/view.php?id=CVE-2009-1723
06 Aug 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. CFNetwork en Apple Mac OS X v10.5 anterior a v10.5.8 coloca una URL incorrecta en una advertencia de certificado en algunos escenarios de redirección 302, lo cual hace más fácil para los atacan... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2009-0151
https://notcve.org/view.php?id=CVE-2009-0151
06 Aug 2009 — The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. El protector de pantalla en el Dock en Apple Mac OS X v10.5 anterior a v10.5.8 no previene gestos multi-tactiles cuatro-dedos (four-finger Multi-Touch), lo cual permite a atacantes próximos físicamente eludir el bloqueo y "gestionar aplicaciones o exposición al uso" a tra... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 9.8EPSS: 3%CPEs: 39EXPL: 0CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
16 Jun 2009 — The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. Aqua Look and Feel para la implementación de Java en Java v1.5 en Mac OS X 10.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada a los indocumentados. El constructor apple.laf.CColourUIResource con un valo... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 15%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
09 Jun 2009 — The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegació... • https://www.exploit-db.com/exploits/33020 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 2%CPEs: 16EXPL: 0CVE-2009-1717
https://notcve.org/view.php?id=CVE-2009-1717
05 Jun 2009 — Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en Terminal de Apple Mac OS X en sus versiones v10.5 anteriores a v10.5.7. Permite a atacantes remotos ejecutar código de su elección o ejecutar una denegación de servicio (... • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1517
https://notcve.org/view.php?id=CVE-2008-1517
13 May 2009 — Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. El núcleo en Apple Mac OS X v10.5 antes de v10.5.7 no verifica los índices correctamente durante la tramitación de colas de trabajo (workqueues), lo cual permite a usuarios locales obtener privilegios o provocar una denegación de servicio (apagado del sistema) a través de vectores no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=797 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 45%CPEs: 17EXPL: 0CVE-2009-0010 – Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0010
13 May 2009 — Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2009-0144
https://notcve.org/view.php?id=CVE-2009-0144
13 May 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 no analiza adecuadamente las cabeceras Set-Cookie no válidas, lo cual permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red de "cookies seguras" que son envi... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-16: Configuration •