CVSS: 9.3EPSS: 90%CPEs: 81EXPL: 1CVE-2009-2195 – WebKit - Floating Point Number Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-2195
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. Desbordamiento de búfer en WebKit en Apple Safari anteriores a v4.0.3, permite a los atacantes remotos ejecutar arbitrariamente código o causar una denegación de servicio (caída de la aplicación) a través de un número punto-flotante manipulado. • https://www.exploit-db.com/exploits/33164 http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/36023 http://www.securitytracker.com/id?1022717 http://www.vupen.com/english/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2009-2196
https://notcve.org/view.php?id=CVE-2009-2196
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. Vulnerabilidad no especificada en Apple Safari 4 anteriores a v4.0.3 que permite a los servidores web remotos colocar un sitio web arbitrario en la vista "Top Sites", y posiblemente conducir un ataque de phishing, a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://support.apple.com/kb/HT3733 http://www.securityfocus.com/bid/36022 http://www.securitytracker.com/id?1022718 •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •
CVSS: 6.8EPSS: 10%CPEs: 44EXPL: 0CVE-2009-1728
https://notcve.org/view.php?id=CVE-2009-1728
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. Desbordamiento de Pila basado en búfer en Image RAW en Apple Mac OS X v10.5 anterior a v10.5.8, y v10.4 anterior a Digital Camera RAW Compatibility Update v2.6(actualización de compatibilidad con cámara digital RAW v2.6), permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen Canon RAW manipulada. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56843 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.securitytracker.com/id?1022674 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52423 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2009-1721
https://notcve.org/view.php?id=CVE-2009-1721
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. La implementación de la descompresión en la función Imf::hufUncompress en OpenEXR v1.2.2 y v1.6.1 permite a los atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores que provocan una estructura de punteros no inicializados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00000.html http://release.debian.org/proposed-updates/stable_diffs/openexr_1.6.1-3%2Blenny3.debdiff http://secunia.com/advisories/36030 http://secunia.com/advisories/36032 http://secunia.com/advisories/36096 http://secunia.com/advisories/36123 http://secunia.com/advisories/36753 http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2&# • CWE-824: Access of Uninitialized Pointer •