CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 1CVE-2009-2820 – CUPS - 'kerberos' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2820
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. CUPS en Apple Mac OS X anterior a v10.6.2no maneja adecuadamente (1) las cabeceras HTTP y (2) las plantillas HTML, lo que permite a atacantes remotos dirigir ataques de petición de sitios cruzados (XSS) y ataques de separación de respuesta HTTP a través de vectores relacionados con (a) la interfaz web del producto, (b) la configuración del sistema de impresión, y (c) los títulos de los trabajos impresos. • https://www.exploit-db.com/exploits/10001 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://secunia.com/advisories/37308 http://secunia.com/advisories/37360 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1 http://support.apple.com/kb/HT3937 http://www.cups.org/articles.php?L590 http://www.cups.org/documentation.php/relnotes.html http://www.cups.org/str.php?L3367 http://www.mandriva.com/security/advisories?name=MDVSA-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante una solicitud de programación (scheduler) con dos etiquetas IPP_TAG_UNSUPPORTED consecutivas. • https://www.exploit-db.com/exploits/33020 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35322 http://secunia.com/advisories/35328 http://secunia.com/advisories/35340 http://secunia.com/advisories/35342 http://secunia.com/advisories/35685 http://secunia.com/advisories/36701 http://securitytracker.com/id?1022321 http://support.apple.com/kb/HT3865 http&# • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 4CVE-2009-1235 – Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1235
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. XNU v1228.9.59 y anteriores en Apple Mac OS X v10.5.6 no aplica las restricciones adecuadas entre el espacio del usuario y el manejador HFS IOCTL, lo que permite a usuarios locales sobrescribir la memoria del kernel y conseguir ganar privilegios adjuntando una imagen de un disco HFS+ y realizando ciertos pasos incluyendo llamadas HFS_GET_BOOT_INFO fcntl. • https://www.exploit-db.com/exploits/8266 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://secunia.com/advisories/34424 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34203 http:/&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 114EXPL: 5CVE-2009-1237 – Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
https://notcve.org/view.php?id=CVE-2009-1237
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. Múltiples fugas de memoria en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios locales producir una denegación de servicio (consumo de memoria del kernel) a traves de llamadas de sistema (1) SYS_add_profil o (2) SYS___mac_getfsstat manipuladas. • https://www.exploit-db.com/exploits/8263 https://www.exploit-db.com/exploits/8264 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-macfsstat-leak.c http://www.digit-labs.org/files/exploits/xnu-profil-leak.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34202 • CWE-399: Resource Management Errors •