CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-2805
https://notcve.org/view.php?id=CVE-2009-2805
14 Sep 2009 — Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. Desbordamiento de entero en CoreGraphics de Apple Mac OS X v10.4.11 y v10.5.8, permite a atacantes remotos ejecutar código de su elección o probocar una denegación de servicio (caída de la aplicación) a través de un flujo JBIG2 en un fichero PDF, conduciendo a... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2812
https://notcve.org/view.php?id=CVE-2009-2812
14 Sep 2009 — Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. Launch Services en Apple Mac OS X 10.5.8 no reconoce adecuadamente un Identificador de Tipo Uniform (uniforme/único) no seguro en un documento de tipo exportado en un aplicación descargado, lo que permite a atacantes re... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html •
CVSS: 6.5EPSS: 1%CPEs: 78EXPL: 0CVE-2009-2813 – Samba: Share restriction bypass via home-less directory user account(s)
https://notcve.org/view.php?id=CVE-2009-2813
14 Sep 2009 — Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Samba 3.4 en versiones anteriores a 3.4.2, ... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2803
https://notcve.org/view.php?id=CVE-2009-2803
14 Sep 2009 — CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. CarbonCore en Apple Mac OS X 10.4.11 y 10.5.8 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero con una bifurcación de recurso manipulada. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2800
https://notcve.org/view.php?id=CVE-2009-2800
11 Sep 2009 — Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. Desbordamiento de búfer en Alias Manager en Apple Mac OS X v10.4.11 y v10.5.8, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un fichero alias manipulado. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2009-2205
https://notcve.org/view.php?id=CVE-2009-2205
09 Sep 2009 — Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer basado en pila en el Java Web Start Command Launcher en Java para Mac OS X v10.5 anterior a la actualización 5, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de vectores no especif... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 0CVE-2009-3095 – httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
https://notcve.org/view.php?id=CVE-2009-3095
08 Sep 2009 — The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. El módulo mod_proxy_ftp en el sevidor HTTP Apache, permite a atacantes remotos evitar las restricciones de acceso establecidas y enviar comandos de su elección a un servidor FTP mediante vect... • http://intevydis.com/vd-list.shtml •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2009-2474 – neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields
https://notcve.org/view.php?id=CVE-2009-2474
21 Aug 2009 — neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. neon, en versiones anteriores a la 0.28.6, cuando OpenSSL está habilitado, no maneja adecuadamente un caracter '\0' en un nombre de dominio, en el campo Com... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-326: Inadequate Encryption Strength •
CVSS: 7.1EPSS: 0%CPEs: 81EXPL: 0CVE-2009-2200
https://notcve.org/view.php?id=CVE-2009-2200
12 Aug 2009 — WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0.3 no restringe apropiadamente el esquema URL del atributo pluginspage de un elemento EMBED, lo que permite a los atacantes remotos asistidos por usuarios lanzar un archivo arbitrario: URLs y obtener informa... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 2%CPEs: 11EXPL: 0CVE-2009-2196
https://notcve.org/view.php?id=CVE-2009-2196
12 Aug 2009 — Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. Vulnerabilidad no especificada en Apple Safari 4 anteriores a v4.0.3 que permite a los servidores web remotos colocar un sitio web arbitrario en la vista "Top Sites", y posiblemente conducir un ataque de phishing, a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html •