CVSS: 6.1EPSS: 2%CPEs: 14EXPL: 0CVE-2009-0153 – icu: XSS vulnerability due to improper invalid byte sequence handling
https://notcve.org/view.php?id=CVE-2009-0153
13 May 2009 — International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. International Components para Unicode (ICU) en Apple Mac OS X v10.5 antes de v10.5.7 no maneja correctam... • http://bugs.icu-project.org/trac/ticket/5691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2009-0942
https://notcve.org/view.php?id=CVE-2009-0942
13 May 2009 — Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no comprueba que ciertas Hojas de Estilo en Cascada (CSS) se encuentran en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 35%CPEs: 14EXPL: 0CVE-2009-0155
https://notcve.org/view.php?id=CVE-2009-0155
13 May 2009 — Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow. Desbordamiento inferior de enteros en CoreGraphics en Apple Mac OS X v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de apl... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0157
https://notcve.org/view.php?id=CVE-2009-0157
13 May 2009 — Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. Desbordamiento de búfer basado pila en CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 permite a servidores web remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de cabeceras HTTP largas. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2009-0144
https://notcve.org/view.php?id=CVE-2009-0144
13 May 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 no analiza adecuadamente las cabeceras Set-Cookie no válidas, lo cual permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red de "cookies seguras" que son envi... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-16: Configuration •
CVSS: 8.8EPSS: 7%CPEs: 16EXPL: 0CVE-2009-0160
https://notcve.org/view.php?id=CVE-2009-0160
13 May 2009 — QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PICT elaborado lo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2009-0152
https://notcve.org/view.php?id=CVE-2009-0152
13 May 2009 — iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. iChat en Apple Mac OS X v10.5 antes de v10.5.7 desactiva SSL para la comunicación de AOL Instant Messenger (AIM) en determinadas circunstancias que sean incompatibles con la configuración "Require SSL", lo cual permite a atacantes remotos obtener... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0150
https://notcve.org/view.php?id=CVE-2009-0150
13 May 2009 — Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. Desbordamiento de búfer basado en pila en Apple Mac OS X v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco dispersa elaborada. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 7%CPEs: 16EXPL: 0CVE-2009-0944
https://notcve.org/view.php?id=CVE-2009-0944
13 May 2009 — The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. Microsoft Office Spotlight Importer en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no valida adecuadamente los archivos de Microsoft Office, lo cual permite a atacantes remotos ejecutar código arbitrario... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0149
https://notcve.org/view.php?id=CVE-2009-0149
13 May 2009 — Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco (disperso) elaborado lo cual provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •