CVSS: 6.8EPSS: 2%CPEs: 16EXPL: 0CVE-2009-1717
https://notcve.org/view.php?id=CVE-2009-1717
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en Terminal de Apple Mac OS X en sus versiones v10.5 anteriores a v10.5.7. Permite a atacantes remotos ejecutar código de su elección o ejecutar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de valores de tamaño manipulados en la secuencia de escape de redimensionamiento de xterm CSI[4, lo que provoca un desbordamiento de buffer de la memoria dinámica (heap). • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 http://securitytracker.com/id?1022322 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/archive/1/504031/100/0/threaded http://www.securityfocus.com/bid/35182 https://exchange.xforce.ibmcloud.com/vulnerabilities/50982 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2009-0943
https://notcve.org/view.php?id=CVE-2009-0943
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anteriores a v10.5.7 no verifica que las rutas HTML esten localizadas en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: la que desencadena la invocación de archivos AppleScript. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022216 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50486 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0156
https://notcve.org/view.php?id=CVE-2009-0156
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. Launch Services en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos provocar una denegación de servicio (cuelgue persistente de Finder) a través de un ejecutable elaborado "Mach-O" que desencadena una lectura fuera de los límites de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34932 http://www.securitytracker.com/id?1022215 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50490 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0149
https://notcve.org/view.php?id=CVE-2009-0149
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco (disperso) elaborado lo cual provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34942 http://www.securitytracker.com/id?1022217 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50484 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0153 – icu: XSS vulnerability due to improper invalid byte sequence handling
https://notcve.org/view.php?id=CVE-2009-0153
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. International Components para Unicode (ICU) en Apple Mac OS X v10.5 antes de v10.5.7 no maneja correctamente las secuencias de bytes no válidos durante la conversión a Unicode, lo cual podría permitir a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS). • http://bugs.icu-project.org/trac/ticket/5691 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35074 http://secunia.com/advisories/35379 http://secunia.com/advisories/35436 http://secunia.com/advisories/35498 http://secunia.com/advisories/35584 http://support.apple.com/kb/HT3549 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •