
CVE-2009-2188
https://notcve.org/view.php?id=CVE-2009-2188
06 Aug 2009 — Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-1726
https://notcve.org/view.php?id=CVE-2009-1726
06 Aug 2009 — Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-1727
https://notcve.org/view.php?id=CVE-2009-1727
06 Aug 2009 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

CVE-2009-2190
https://notcve.org/view.php?id=CVE-2009-2190
06 Aug 2009 — launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-399: Resource Management Errors

CVE-2009-2192
https://notcve.org/view.php?id=CVE-2009-2192
06 Aug 2009 — MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-255: Credentials Management Errors

CVE-2009-0151
https://notcve.org/view.php?id=CVE-2009-0151
06 Aug 2009 — The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

CVE-2009-1723
https://notcve.org/view.php?id=CVE-2009-1723
06 Aug 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

CVE-2009-2422 – Gentoo Linux Security Advisory 200912-2
https://notcve.org/view.php?id=CVE-2009-2422
10 Jul 2009 — The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-287: Improper Authentication

CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
16 Jun 2009 — The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2009-1717 – Apple Terminal xterm Resize Escape Sequence Memory Corruption
https://notcve.org/view.php?id=CVE-2009-1717
03 Jun 2009 — Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 • CWE-189: Numeric Errors