CVSS: 8.1EPSS: 1%CPEs: 19EXPL: 0CVE-2009-1727
https://notcve.org/view.php?id=CVE-2009-1727
06 Aug 2009 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X v10.5 anterior a v10.5.8 hace mas fácil a atacantes remotos asistidos por usuarios ejecutar código JavaScript arbitrario a través de una pa... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 6.1EPSS: 2%CPEs: 20EXPL: 0CVE-2009-1723
https://notcve.org/view.php?id=CVE-2009-1723
06 Aug 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. CFNetwork en Apple Mac OS X v10.5 anterior a v10.5.8 coloca una URL incorrecta en una advertencia de certificado en algunos escenarios de redirección 302, lo cual hace más fácil para los atacan... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2009-0151
https://notcve.org/view.php?id=CVE-2009-0151
06 Aug 2009 — The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. El protector de pantalla en el Dock en Apple Mac OS X v10.5 anterior a v10.5.8 no previene gestos multi-tactiles cuatro-dedos (four-finger Multi-Touch), lo cual permite a atacantes próximos físicamente eludir el bloqueo y "gestionar aplicaciones o exposición al uso" a tra... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2009-1721 – Gentoo Linux Security Advisory 201312-07
https://notcve.org/view.php?id=CVE-2009-1721
31 Jul 2009 — The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. La implementación de la descompresión en la función Imf::hufUncompress en OpenEXR v1.2.2 y v1.6.1 permite a los atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecut... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 1CVE-2009-2422
https://notcve.org/view.php?id=CVE-2009-2422
10 Jul 2009 — The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. El código de ejemplo para la funcionalidad de autenticación digest (http_authentication.rb) en Ruby on Ra... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 22%CPEs: 39EXPL: 0CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
16 Jun 2009 — The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. Aqua Look and Feel para la implementación de Java en Java v1.5 en Mac OS X 10.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada a los indocumentados. El constructor apple.laf.CColourUIResource con un valo... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 31%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
09 Jun 2009 — The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegació... • https://www.exploit-db.com/exploits/33020 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 33%CPEs: 13EXPL: 1CVE-2009-1955 – Apache mod_dav / svn - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1955
06 Jun 2009 — The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es... • https://www.exploit-db.com/exploits/8842 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 2%CPEs: 16EXPL: 0CVE-2009-1717
https://notcve.org/view.php?id=CVE-2009-1717
05 Jun 2009 — Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en Terminal de Apple Mac OS X en sus versiones v10.5 anteriores a v10.5.7. Permite a atacantes remotos ejecutar código de su elección o ejecutar una denegación de servicio (... • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 92%CPEs: 17EXPL: 0CVE-2009-0010 – Apple Quicktime PICT Opcode 0x71 Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-0010
13 May 2009 — Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. Desbordamiento inferior de entero en QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html • CWE-189: Numeric Errors •