CVSS: 9.3EPSS: 21%CPEs: 20EXPL: 0CVE-2009-2188
https://notcve.org/view.php?id=CVE-2009-2188
06 Aug 2009 — Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. Desbordamiento de búfer en ImageIO en Apple Mac OS X v10.5 anterior a v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen con metadatos EXIF manipulados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 7%CPEs: 20EXPL: 0CVE-2009-2190
https://notcve.org/view.php?id=CVE-2009-2190
06 Aug 2009 — launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. launchd en Apple Mac OS X v10.5 anterior a v10.5.8 permite a atacantes remotos provocar una denegación de servicio (corte de servicio individual) haciendo muchas conexiones a un servicio lanzado basado en inetd-based. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 6%CPEs: 8EXPL: 0CVE-2009-2191
https://notcve.org/view.php?id=CVE-2009-2191
06 Aug 2009 — Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Vulnerabilidad de formato de cadena en la ventana de inicio de sesión (Login Window) en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.8 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de especificadores ... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 21%CPEs: 19EXPL: 0CVE-2009-2193
https://notcve.org/view.php?id=CVE-2009-2193
06 Aug 2009 — Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. Desbordamiento de búfer en el núcleo de Apple Mac OS X v10.5 anteriores a v10.5.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del sistema) a través de un paquete de respuesta AppleTalk manipulado. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2009-2194
https://notcve.org/view.php?id=CVE-2009-2194
06 Aug 2009 — Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." Apple Mac OS X v10.5 anterior a v10.5.8 no comparte correctamente los descriptores de archivos sobre sockets locales, lo cual permite a usuarios locales provocar una denegación de servicio (caida del sistema) mediante la colocación... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 6.1EPSS: 2%CPEs: 20EXPL: 0CVE-2009-1723
https://notcve.org/view.php?id=CVE-2009-1723
06 Aug 2009 — CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. CFNetwork en Apple Mac OS X v10.5 anterior a v10.5.8 coloca una URL incorrecta en una advertencia de certificado en algunos escenarios de redirección 302, lo cual hace más fácil para los atacan... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 7.2EPSS: 0%CPEs: 20EXPL: 0CVE-2009-0151
https://notcve.org/view.php?id=CVE-2009-0151
06 Aug 2009 — The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. El protector de pantalla en el Dock en Apple Mac OS X v10.5 anterior a v10.5.8 no previene gestos multi-tactiles cuatro-dedos (four-finger Multi-Touch), lo cual permite a atacantes próximos físicamente eludir el bloqueo y "gestionar aplicaciones o exposición al uso" a tra... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 1CVE-2009-2422
https://notcve.org/view.php?id=CVE-2009-2422
10 Jul 2009 — The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password. El código de ejemplo para la funcionalidad de autenticación digest (http_authentication.rb) en Ruby on Ra... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 22%CPEs: 39EXPL: 0CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
16 Jun 2009 — The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. Aqua Look and Feel para la implementación de Java en Java v1.5 en Mac OS X 10.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada a los indocumentados. El constructor apple.laf.CColourUIResource con un valo... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 31%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
09 Jun 2009 — The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegació... • https://www.exploit-db.com/exploits/33020 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •