CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2009-0944
https://notcve.org/view.php?id=CVE-2009-0944
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. Microsoft Office Spotlight Importer en Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no valida adecuadamente los archivos de Microsoft Office, lo cual permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de un archivo que provoca la corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securityfocus.com/bid/34939 http://www.securitytracker.com/id?1022215 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0161
https://notcve.org/view.php?id=CVE-2009-0161
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. El módulo OpenSSL::OCSP de Ruby en Apple Mac OS X v10.5 anterior a v10.5.7 malinterpreta una respuesta no válida no especificada como un certificado de validación OCSP válido, lo que podría permitir a atacantes remotos falsear certificados de autenticación a través de un certificado revocados • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50592 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2009-0942
https://notcve.org/view.php?id=CVE-2009-0942
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anterior a v10.5.7 no comprueba que ciertas Hojas de Estilo en Cascada (CSS) se encuentran en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: lo cual desencadena invocación de archivos AppleScript. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022216 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50485 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0150
https://notcve.org/view.php?id=CVE-2009-0150
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. Desbordamiento de búfer basado en pila en Apple Mac OS X v10.5 antes de v10.5.7 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (cuelgue de aplicación) por tratar de montar una imagen de disco dispersa elaborada. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022217 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50483 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0152
https://notcve.org/view.php?id=CVE-2009-0152
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. iChat en Apple Mac OS X v10.5 antes de v10.5.7 desactiva SSL para la comunicación de AOL Instant Messenger (AIM) en determinadas circunstancias que sean incompatibles con la configuración "Require SSL", lo cual permite a atacantes remotos obtener información sensible capturando el tráfico de la red. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022212 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 • CWE-312: Cleartext Storage of Sensitive Information •