CVSS: 7.8EPSS: 16%CPEs: 15EXPL: 0CVE-2009-0145
https://notcve.org/view.php?id=CVE-2009-0145
13 May 2009 — CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. CoreGraphics en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un archivo PDF manipulado ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 1%CPEs: 14EXPL: 0CVE-2009-0161
https://notcve.org/view.php?id=CVE-2009-0161
13 May 2009 — The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. El módulo OpenSSL::OCSP de Ruby en Apple Mac OS X v10.5 anterior a v10.5.7 malinterpreta una respuesta no válida no especificada como un certificado de validación OCSP válido, lo que podría permitir a atacantes remotos falsear certificados de autentica... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 9%CPEs: 16EXPL: 0CVE-2009-0158
https://notcve.org/view.php?id=CVE-2009-0158
13 May 2009 — Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. Desbordamiento de búfer basado en pila en telnet en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un nombre de host largo para un servidor telnet. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 3%CPEs: 70EXPL: 1CVE-2009-0162 – Apple Safari 3.2.2 - 'feed:' URI Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0162
13 May 2009 — Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Safari v3.2.3 y v4 Beta Pública, en el Apple Mac OS X v10.5 y anteriores a v10.5.7 y Windows permite a atacantes remotos inyectar script web arbitrario o HTML a través de una suscripción manipulada: URL. • https://www.exploit-db.com/exploits/32994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 14EXPL: 0CVE-2009-0153 – icu: XSS vulnerability due to improper invalid byte sequence handling
https://notcve.org/view.php?id=CVE-2009-0153
13 May 2009 — International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. International Components para Unicode (ICU) en Apple Mac OS X v10.5 antes de v10.5.7 no maneja correctam... • http://bugs.icu-project.org/trac/ticket/5691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2009-0942
https://notcve.org/view.php?id=CVE-2009-0942
13 May 2009 — Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no comprueba que ciertas Hojas de Estilo en Cascada (CSS) se encuentran en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 35%CPEs: 14EXPL: 0CVE-2009-0155
https://notcve.org/view.php?id=CVE-2009-0155
13 May 2009 — Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow. Desbordamiento inferior de enteros en CoreGraphics en Apple Mac OS X v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de apl... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0157
https://notcve.org/view.php?id=CVE-2009-0157
13 May 2009 — Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. Desbordamiento de búfer basado pila en CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 permite a servidores web remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de cabeceras HTTP largas. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2009-0144
https://notcve.org/view.php?id=CVE-2009-0144
13 May 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 no analiza adecuadamente las cabeceras Set-Cookie no válidas, lo cual permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red de "cookies seguras" que son envi... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-16: Configuration •
CVSS: 8.8EPSS: 7%CPEs: 16EXPL: 0CVE-2009-0160
https://notcve.org/view.php?id=CVE-2009-0160
13 May 2009 — QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PICT elaborado lo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •