CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
03 Mar 2010 — The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "de... • http://libpng.sourceforge.net/ADVISORY-1.4.1.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2010-0037
https://notcve.org/view.php?id=CVE-2010-0037
20 Jan 2010 — Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image. Desbordamiento de búfer en Image RAW en Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de una imagen DNG manipulada. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0CVE-2010-0036
https://notcve.org/view.php?id=CVE-2010-0036
20 Jan 2010 — Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. Desbordamiento de búfer en CoreAudio in Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de un fichero de audio MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2843
https://notcve.org/view.php?id=CVE-2009-2843
08 Dec 2009 — Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. Java para Mac OS X 1v0.5 anterior Update v6 y v10.6 anterior Update v1 acepta certificados expirados para applets, lo que hace que sea facil para atacantes remotos ejecutar código de su elección a través de un applet. • http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 7%CPEs: 14EXPL: 1CVE-2009-4017 – PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service
https://notcve.org/view.php?id=CVE-2009-4017
24 Nov 2009 — PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. PHP v5.2.11, y v5.3.x antes de v5.3.1, no restringen el número de archivos temporales creados al manipular ... • https://www.exploit-db.com/exploits/10242 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 6%CPEs: 14EXPL: 0CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
https://notcve.org/view.php?id=CVE-2009-3553
20 Nov 2009 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el d... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2826
https://notcve.org/view.php?id=CVE-2009-2826
10 Nov 2009 — Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. Múltiples desbordamiento de búfer en CoreGraphics en Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código a su elección o causar una denegación de servicio (caída de programa) a través de documentos PDF manipulados que provoca desbordamiento de búfer basado en ... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2838
https://notcve.org/view.php?id=CVE-2009-2838
10 Nov 2009 — Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow. Desbordamiento de entero en QuickLook en Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un documento de Microsoft Office manipulado que provoca un desbordamiento de búfer. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2009-2824
https://notcve.org/view.php?id=CVE-2009-2824
10 Nov 2009 — Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. Múltiples desbordamiento de búfer en Apple Type Services (ATS) en Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código de su elección a través de fuentes manipuladas embebidas en un documento. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2840
https://notcve.org/view.php?id=CVE-2009-2840
10 Nov 2009 — Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. Spotlight en Apple Mac OS X v10.5.8 no maneja adecuadamente los archivos temporales, lo que permite a usuarios locales sobrescribir archivos de su elección en el contexto de los privilegios de usuario diferentes a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html •