CVSS: 7.5EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2818
https://notcve.org/view.php?id=CVE-2009-2818
10 Nov 2009 — Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). Adaptive Firewall en Apple Mac OS X anterior a v10.6.2 no maneja adecuadamente los nombres de usuario no válidos en los intentos de login SSH, lo que facilita a atacantes remotos obtener acceso mediante un ataque de fuerza bruta (también conocido como ataque por diccionario). • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 118EXPL: 1CVE-2009-2820 – CUPS - 'kerberos' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2820
10 Nov 2009 — The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and levera... • https://www.exploit-db.com/exploits/10001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2823
https://notcve.org/view.php?id=CVE-2009-2823
10 Nov 2009 — The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. El servidor Apache HTTP en Apple Mac OS X anterior v10.6.2 habilita el método HTTP TRACE, lo que permite a atacantes dirigir ejecuciones de secuencias de comandos en sitios cruzados (XSS) a través de software de clientes web no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2825
https://notcve.org/view.php?id=CVE-2009-2825
10 Nov 2009 — Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Certificate Assistant en Apple Mac OS X anterior a v10.6.2 no controla correctamente un caracter '\0' en el nombre de dominio en el campo nombre comú... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-2830
https://notcve.org/view.php?id=CVE-2009-2830
10 Nov 2009 — Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515. Múltiples desbordamientos de búfer en fichero Christos Zoulas antes de v5.03 en Apple Mac OS X v10.6.x anterior a v10.6.2 permite a atacantes remotos asistido por usuario ejecutar código arbitrario o causar una... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 59EXPL: 0CVE-2009-2832
https://notcve.org/view.php?id=CVE-2009-2832
10 Nov 2009 — Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." Desbordamiento de bufer en FTP Server en Apple Mac OS X anterior v10.6.2 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de demonio) a través de un comando CWD especificando un no... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2834
https://notcve.org/view.php?id=CVE-2009-2834
10 Nov 2009 — IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. IOKit en Apple Mac OS X anterior v10.6.2 permite a usuarios locales modificar el firmware de (1) USB o (2) teclado Bluetooth a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2835
https://notcve.org/view.php?id=CVE-2009-2835
10 Nov 2009 — The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. El núcleo de Apple Mac OS X anterior a v10.6.2 no controla correctamente los segmentos de estado de la tarea, lo que permite a usuarios locales obtener privilegios, provocar una denegación de servicio (cuelgue del sistema), u obtener información sensible a través de vectores no ... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2836
https://notcve.org/view.php?id=CVE-2009-2836
10 Nov 2009 — Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. Race condition en Login Window en Apple Mac OS X v10.6.x anterior v10.6.2, cuando al menos una cuenta tiene el password en blanco, permite a atacantes superar la autenticación de password y obtener acceso a una cuenta arbitraria a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
11 Aug 2009 — Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto p... • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html • CWE-416: Use After Free •