CVSS: 5.5EPSS: 0%CPEs: 114EXPL: 5CVE-2009-1237 – Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
https://notcve.org/view.php?id=CVE-2009-1237
02 Apr 2009 — Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. Múltiples fugas de memoria en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios locales producir una denegación de servicio (consumo de memoria del kernel) a traves de llamadas de sistema (1) SYS_add_profil o (2) SYS___mac_getfsstat manipul... • https://www.exploit-db.com/exploits/8263 • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 3CVE-2009-1238 – Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-1238
02 Apr 2009 — Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. Condición de carrera en el interfaz HFS vfs sysctl en XNU v1228.8.20 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios loc... • https://www.exploit-db.com/exploits/8265 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 9%CPEs: 15EXPL: 0CVE-2009-0040 – libpng arbitrary free() flaw
https://notcve.org/view.php?id=CVE-2009-0040
22 Feb 2009 — The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a... • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 0CVE-2009-0020
https://notcve.org/view.php?id=CVE-2009-0020
13 Feb 2009 — Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. Vulnerabilidad no especificada en CarbonCore en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y ejecuta arbitrariamente código a través de bifurcación de recurso manipulada que l... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0013
https://notcve.org/view.php?id=CVE-2009-0013
13 Feb 2009 — dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. dscl en DS Tools den Apple Mac OS X v10.4.11 y v10.5.6, requiere que la contraseña sea proporcionada como argumentos de la línea de comandos, esto permite a usuarios locales ganar privilegios al listar información de los procesos. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0017
https://notcve.org/view.php?id=CVE-2009-0017
13 Feb 2009 — csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. csregprinter en el componente Printing de Apple Mac OS X v10.4.11 y v10.5.6, no maneja adecuadamente las condiciones de error, esto permite a usuarios locales ejecutar código de su elección a través de vectores desconocidos que provocan un desbordamiento del búfer basado en mont... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-0009
https://notcve.org/view.php?id=CVE-2009-0009
13 Feb 2009 — Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. Vulnerabilidad no especificada en Pixlet codec en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y posiblemente una ejecución arbitraria de código a través de archivos... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2009-0019
https://notcve.org/view.php?id=CVE-2009-0019
13 Feb 2009 — Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. Remote Apple Events en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) u obtener información sensible a través de vectores no especificados que lanzan un acceso a memoria fuera de rango. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0141
https://notcve.org/view.php?id=CVE-2009-0141
13 Feb 2009 — XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. XTerm en Apple Mac OS X v10.4.11 y v10.5.6, cuando usado con luit, crea dispositivos tty con permisos inseguros de escritura, el cual permite a los usuarios locales escribir a el Xterm de otro usuario. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0137
https://notcve.org/view.php?id=CVE-2009-0137
13 Feb 2009 — Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." Vulnerabilidades múltiples no especificadas en Safari RSS en Apple Mac OS X v10.4.11 y v10.5.6, y Windows XP y Vista, que permite a los atacantes remotos ejecutar arbitrariamente JavaScript en la zona de seguridad local a través de una suscripción mani... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html • CWE-20: Improper Input Validation •