CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0CVE-2009-2194
https://notcve.org/view.php?id=CVE-2009-2194
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." Apple Mac OS X v10.5 anterior a v10.5.8 no comparte correctamente los descriptores de archivos sobre sockets locales, lo cual permite a usuarios locales provocar una denegación de servicio (caida del sistema) mediante la colocación de descriptores de archivo en los mensajes enviados a un socket que no tiene el receptor, relaccionado con una "incidencia de sincronización". • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56836 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.securitytracker.com/id?1022672 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52439 •
CVSS: 6.8EPSS: 2%CPEs: 19EXPL: 0CVE-2009-1727
https://notcve.org/view.php?id=CVE-2009-1727
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X v10.5 anterior a v10.5.8 hace mas fácil a atacantes remotos asistidos por usuarios ejecutar código JavaScript arbitrario a través de una pagina web que ofrece una descarga con un valor Content-Type que no esta en la lista de posibles tipos de contenido inseguros para Safari. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56844 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52420 •
CVSS: 9.3EPSS: 22%CPEs: 22EXPL: 0CVE-2009-1726
https://notcve.org/view.php?id=CVE-2009-1726
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. Desbordamiento de búfer basado en memoria dinámica en ColorSync en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen manipulada que contiene un perfil ColorSync incrustado. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://osvdb.org/56845 http://secunia.com/advisories/36096 http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://support.apple.com/kb/HT3757 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4220 http://www.se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 13%CPEs: 20EXPL: 0CVE-2009-2188
https://notcve.org/view.php?id=CVE-2009-2188
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. Desbordamiento de búfer en ImageIO en Apple Mac OS X v10.5 anterior a v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen con metadatos EXIF manipulados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://osvdb.org/56842 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3733 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.securitytracker.com/id?1022674 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2009-0151
https://notcve.org/view.php?id=CVE-2009-0151
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. El protector de pantalla en el Dock en Apple Mac OS X v10.5 anterior a v10.5.8 no previene gestos multi-tactiles cuatro-dedos (four-finger Multi-Touch), lo cual permite a atacantes próximos físicamente eludir el bloqueo y "gestionar aplicaciones o exposición al uso" a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://osvdb.org/56847 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.securityfocus.com/bid/35954 http://www.us-cert.gov/cas/techalerts/TA09-218A.html http://www.vupen.com/english/advisories/2009/2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52421 •