CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2009-1060
https://notcve.org/view.php?id=CVE-2009-1060
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. Vulnerabilidad inespecífica en Apple Safari en Mac OS X v10.5.6 permite a atacantes remotos ejecutar código de forma arbitraria a través de vectores desconocidos que se inician cuando se hace click en un enlace, como demostró Charlie Miller durante la competición PWN2OWN en CanSecWest 2009. • http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52888 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978 http://www.securityfocus.com/bid/34179 http://www.securitytracker.com/id?1021879 https:& •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2009-1042
https://notcve.org/view.php?id=CVE-2009-1042
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Vulnerabilidad no especificada en Apple Safari en Mac OS X 10.5.6 permite a atacantes remotos ejecutar código de su elección a través de vécnoes desconocidos, provocados por hacer "clic" en un enlace, como se demostró por Nils durante la competición PWN2OWN en CanSecWest 2009. • http://blogs.zdnet.com/security/?p=2934 http://cansecwest.com/index.html http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009 http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits http://news.cnet.com/8301-1009_3-10199652-83.html http://osvdb.org/52888 http://twitter.com/tippingpoint1/status/1351485521 http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exp •
CVSS: 6.8EPSS: 7%CPEs: 15EXPL: 0CVE-2009-0040 – libpng arbitrary free() flaw
https://notcve.org/view.php?id=CVE-2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit. • ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg000 • CWE-824: Access of Uninitialized Pointer •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0015
https://notcve.org/view.php?id=CVE-2009-0015
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." Vulnerabilidad no especificada en fseventsd en the FSEvents framework en Apple Mac OS X v10.5.6 que permite a los usuarios locales obtener información sensible (actividades de los ficheros del sistema y nombres de directorios) a través de vectores desconocidos relativos a "gestión de credenciales". • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33821 http://www.vupen.com/english/advisories/2009/0422 • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0017
https://notcve.org/view.php?id=CVE-2009-0017
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. csregprinter en el componente Printing de Apple Mac OS X v10.4.11 y v10.5.6, no maneja adecuadamente las condiciones de error, esto permite a usuarios locales ejecutar código de su elección a través de vectores desconocidos que provocan un desbordamiento del búfer basado en montículo. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33811 http://www.vupen.com/english/advisories/2009/0422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •