CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2801
https://notcve.org/view.php?id=CVE-2009-2801
30 Mar 2010 — The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." La aplicación Firewall en Apple Mac OS X v10.5.8 borra reglas firewall no especificadas después de rearrancar, lo que puede permitir a atacantes superar las restricciones de acceso establecidas a través de un paquete de datos, relacionado con el tema "timing". • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0057
https://notcve.org/view.php?id=CVE-2010-0057
30 Mar 2010 — AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 no previene el uso de invitado de los elementos compartidos de AFP cuando el acceso de invitado está deshabilitado, lo que permite a atacantes remotos evitar las restricciones de aceso previstas a través de una petición de montaje. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2010-0059 – Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0059
30 Mar 2010 — CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. CoreAudio en Apple Mac OS X anterior v10.6.3 permite a atacantse remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria o caída de programa) a través de un contenido de audio ... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0058
https://notcve.org/view.php?id=CVE-2010-0058
30 Mar 2010 — freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. freshclam en ClamAV en Apple Mac OS X v10.5.8 con Security Update 2009-005 una clave aunchd.plist ProgramArgument incorrecta y consecuentemente no se ejecuta, lo que peude permitir a atacantes remotos introducir virus en el sistema. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-16: Configuration •
CVSS: 10.0EPSS: 28%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
25 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria pr... • https://www.exploit-db.com/exploits/16974 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 0CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
05 Mar 2010 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability ex... • http://cups.org/articles.php?L596 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0CVE-2010-0037
https://notcve.org/view.php?id=CVE-2010-0037
20 Jan 2010 — Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image. Desbordamiento de búfer en Image RAW en Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de una imagen DNG manipulada. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2010-0036
https://notcve.org/view.php?id=CVE-2010-0036
20 Jan 2010 — Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. Desbordamiento de búfer en CoreAudio in Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de un fichero de audio MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2843
https://notcve.org/view.php?id=CVE-2009-2843
08 Dec 2009 — Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. Java para Mac OS X 1v0.5 anterior Update v6 y v10.6 anterior Update v1 acepta certificados expirados para applets, lo que hace que sea facil para atacantes remotos ejecutar código de su elección a través de un applet. • http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 9%CPEs: 14EXPL: 0CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
https://notcve.org/view.php?id=CVE-2009-3553
20 Nov 2009 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el d... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-416: Use After Free •