CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0156
https://notcve.org/view.php?id=CVE-2009-0156
13 May 2009 — Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. Launch Services en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos provocar una denegación de servicio (cuelgue persistente de Finder) a través de un ejecutable elaborado "Mach-O" que desencadena una lectura fuera de los límites de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2009-0157
https://notcve.org/view.php?id=CVE-2009-0157
13 May 2009 — Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. Desbordamiento de búfer basado pila en CFNetwork en Apple Mac OS X v10.5 antes de v10.5.7 permite a servidores web remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de cabeceras HTTP largas. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0158
https://notcve.org/view.php?id=CVE-2009-0158
13 May 2009 — Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. Desbordamiento de búfer basado en pila en telnet en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un nombre de host largo para un servidor telnet. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0160
https://notcve.org/view.php?id=CVE-2009-0160
13 May 2009 — QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. QuickDraw Manager en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PICT elaborado lo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0161
https://notcve.org/view.php?id=CVE-2009-0161
13 May 2009 — The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. El módulo OpenSSL::OCSP de Ruby en Apple Mac OS X v10.5 anterior a v10.5.7 malinterpreta una respuesta no válida no especificada como un certificado de validación OCSP válido, lo que podría permitir a atacantes remotos falsear certificados de autentica... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 70EXPL: 1CVE-2009-0162 – Apple Safari 3.2.2 - 'feed:' URI Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0162
13 May 2009 — Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Safari v3.2.3 y v4 Beta Pública, en el Apple Mac OS X v10.5 y anteriores a v10.5.7 y Windows permite a atacantes remotos inyectar script web arbitrario o HTML a través de una suscripción manipulada: URL. • https://www.exploit-db.com/exploits/32994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0942
https://notcve.org/view.php?id=CVE-2009-0942
13 May 2009 — Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no comprueba que ciertas Hojas de Estilo en Cascada (CSS) se encuentran en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0943
https://notcve.org/view.php?id=CVE-2009-0943
13 May 2009 — Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anteriores a v10.5.7 no verifica que las rutas HTML esten localizadas en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: la que desencadena... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0944
https://notcve.org/view.php?id=CVE-2009-0944
13 May 2009 — The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. Microsoft Office Spotlight Importer en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no valida adecuadamente los archivos de Microsoft Office, lo cual permite a atacantes remotos ejecutar código arbitrario... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 16%CPEs: 16EXPL: 0CVE-2009-0154 – Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2009-0154
13 May 2009 — Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font. Desbordamiento de búfer basado en pila en Apple Type Services (ATS) en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario a través de una fuente Compact Font Format (CFF) elaborada. This vulnerability allows remote attackers to execute arbitrary code on vuln... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •