CVSS: 7.5EPSS: 20%CPEs: 39EXPL: 0CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. Aqua Look and Feel para la implementación de Java en Java v1.5 en Mac OS X 10.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada a los indocumentados. El constructor apple.laf.CColourUIResource con un valor manipulado en el primer argumento, lo que permite desreferenciar como puntero. his vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Java HotSpot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the undocumented apple.laf.CColourUIResource(long, int, int ,int, int) constructor. When passing a long integer value as the first argument, the value is interpreted as pointer to an Objective-C object. By constructing a special memory structure and passing the pointer to the first argument an attacker may execute arbitrary code. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html http://support.apple.com/kb/HT3632 http://www.securityfocus.com/archive/1/504364/100/0/threaded http://www.securityfocus.com/bid/35381 http://www.securityfocus.com/bid/35401 http://www.zerodayinitiative.com/advisories/ZDI-09-043 https://exchange.xforce.ibmcloud.com/vulnerabilities/51185 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 17%CPEs: 13EXPL: 1CVE-2009-1955 – Apache mod_dav / svn - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es utilizado en los módulos mod_dav y mod_dav_svn en el servidor HTTP de Apache, permite a atacantes remotos producir una denegación de servicio (agotamiento de memoria) a través de un documento XML manipulado que contiene un gran numero de referencias anidadas, como se demostró en la petición PROPFIND, una vulnerabilidad similar a CVE-2003-1564. • https://www.exploit-db.com/exploits/8842 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=apr-dev&m=124396021826125&w=2 http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://secunia.com/advisories/34724 http://secunia.com/advisories/35284 http://secunia.com/advisories/35360 http://secunia.com/advisories/35395 http://secunia.com/advisories/35444 http: • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 3CVE-2009-0949 – CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-0949
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. La función ippReadIO en cups/ipp.c en cupsd en CUPS antes de la versión 1.3.10 no inicia de manera apropiada la memoria para paquetes de solicitud IPP, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante una solicitud de programación (scheduler) con dos etiquetas IPP_TAG_UNSUPPORTED consecutivas. • https://www.exploit-db.com/exploits/33020 http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35322 http://secunia.com/advisories/35328 http://secunia.com/advisories/35340 http://secunia.com/advisories/35342 http://secunia.com/advisories/35685 http://secunia.com/advisories/36701 http://securitytracker.com/id?1022321 http://support.apple.com/kb/HT3865 http&# • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 2%CPEs: 16EXPL: 0CVE-2009-1717
https://notcve.org/view.php?id=CVE-2009-1717
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en Terminal de Apple Mac OS X en sus versiones v10.5 anteriores a v10.5.7. Permite a atacantes remotos ejecutar código de su elección o ejecutar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de valores de tamaño manipulados en la secuencia de escape de redimensionamiento de xterm CSI[4, lo que provoca un desbordamiento de buffer de la memoria dinámica (heap). • http://dvlabs.tippingpoint.com/advisory/TPTI-09-04 http://securitytracker.com/id?1022322 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/archive/1/504031/100/0/threaded http://www.securityfocus.com/bid/35182 https://exchange.xforce.ibmcloud.com/vulnerabilities/50982 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 5%CPEs: 16EXPL: 0CVE-2009-0943
https://notcve.org/view.php?id=CVE-2009-0943
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Help Viewer de Apple Mac OS X v10.4.11 y v10.5 anteriores a v10.5.7 no verifica que las rutas HTML esten localizadas en un libro de ayuda registrado, lo cual permite a atacantes remotos ejecutar código arbitrario a través de una URL help: la que desencadena la invocación de archivos AppleScript. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/35074 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/34926 http://www.securitytracker.com/id?1022216 http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://www.vupen.com/english/advisories/2009/1297 https://exchange.xforce.ibmcloud.com/vulnerabilities/50486 • CWE-20: Improper Input Validation •