CVSS: 4.3EPSS: 1%CPEs: 16EXPL: 0CVE-2009-0156
https://notcve.org/view.php?id=CVE-2009-0156
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. Launch Services en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos provocar una denegación de servicio (cuelgue persistente de Finder) a través de un ejecutable elaborado "Mach-O" que desencadena una lectura fuera de los límites de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34932 http://www.securitytracker.com/id?1022215 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50490 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1517
https://notcve.org/view.php?id=CVE-2008-1517
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. El núcleo en Apple Mac OS X v10.5 antes de v10.5.7 no verifica los índices correctamente durante la tramitación de colas de trabajo (workqueues), lo cual permite a usuarios locales obtener privilegios o provocar una denegación de servicio (apagado del sistema) a través de vectores no especificados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=797 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securitytracker.com/id?1022213 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50489 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2009-0158
https://notcve.org/view.php?id=CVE-2009-0158
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. Desbordamiento de búfer basado en pila en telnet en Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un nombre de host largo para un servidor telnet. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=136482797910018&w=2 http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0149
https://notcve.org/view.php?id=CVE-2009-0149
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. Apple Mac OS X v10.4.11 y v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco (disperso) elaborado lo cual provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34942 http://www.securitytracker.com/id?1022217 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50484 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0153 – icu: XSS vulnerability due to improper invalid byte sequence handling
https://notcve.org/view.php?id=CVE-2009-0153
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. International Components para Unicode (ICU) en Apple Mac OS X v10.5 antes de v10.5.7 no maneja correctamente las secuencias de bytes no válidos durante la conversión a Unicode, lo cual podría permitir a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS). • http://bugs.icu-project.org/trac/ticket/5691 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/35074 http://secunia.com/advisories/35379 http://secunia.com/advisories/35436 http://secunia.com/advisories/35498 http://secunia.com/advisories/35584 http://support.apple.com/kb/HT3549 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •