CVSS: 7.8EPSS: 2%CPEs: 16EXPL: 0CVE-2009-1717
https://notcve.org/view.php?id=CVE-2009-1717
05 Jun 2009 — Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en Terminal de Apple Mac OS X en sus versiones v10.5 anteriores a v10.5.7. Permite a atacantes remotos ejecutar código de su elección o ejecutar una denegación de servicio (... • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 45%CPEs: 17EXPL: 0CVE-2009-0010 – Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0010
13 May 2009 — Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0156
https://notcve.org/view.php?id=CVE-2009-0156
13 May 2009 — Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. Launch Services en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos provocar una denegación de servicio (cuelgue persistente de Finder) a través de un ejecutable elaborado "Mach-O" que desencadena una lectura fuera de los límites de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 14EXPL: 0CVE-2009-0155
https://notcve.org/view.php?id=CVE-2009-0155
13 May 2009 — Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow. Desbordamiento inferior de enteros en CoreGraphics en Apple Mac OS X v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de apl... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2009-0157
https://notcve.org/view.php?id=CVE-2009-0157
13 May 2009 — Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. Desbordamiento de búfer basado pila en CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 permite a servidores web remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de cabeceras HTTP largas. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1517
https://notcve.org/view.php?id=CVE-2008-1517
13 May 2009 — Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. El núcleo en Apple Mac OS X v10.5 antes de v10.5.7 no verifica los índices correctamente durante la tramitación de colas de trabajo (workqueues), lo cual permite a usuarios locales obtener privilegios o provocar una denegación de servicio (apagado del sistema) a través de vectores no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=797 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0149
https://notcve.org/view.php?id=CVE-2009-0149
13 May 2009 — Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco (disperso) elaborado lo cual provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 0CVE-2009-0942
https://notcve.org/view.php?id=CVE-2009-0942
13 May 2009 — Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no comprueba que ciertas Hojas de Estilo en Cascada (CSS) se encuentran en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 5%CPEs: 15EXPL: 0CVE-2009-0145
https://notcve.org/view.php?id=CVE-2009-0145
13 May 2009 — CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. CoreGraphics en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un archivo PDF manipulado ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0160
https://notcve.org/view.php?id=CVE-2009-0160
13 May 2009 — QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PICT elaborado lo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •