CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2009-0138
https://notcve.org/view.php?id=CVE-2009-0138
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. servermgrd (Server Manager) en Apple Mac OS X v10.5.6 no valida apropiadamente la autenticación de credenciales, el cual permite a los atacantes remotos modificar el sistema de configuración. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33813 http://www.vupen.com/english/advisories/2009/0422 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0011
https://notcve.org/view.php?id=CVE-2009-0011
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. Certificate Assistant en Apple Mac OS X v10.5.6 que permite a los usuarios locales sobrescribir arbitrariamente archivos a través de vectores desconocidos en relación a una "operación de archivo insegura" en un fichero temporal. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://osvdb.org/51979 http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021720.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48715 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0014
https://notcve.org/view.php?id=CVE-2009-0014
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. Folder Manager en Apple Mac OS X 10.5.6 usa permisos inseguros por defecto cuando recrea un carpeta Downloads después de que ha sido borrada, lo que permite a los usuarios evitar las restricciones de acceso y lee la carpeta Downloads. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33820 http://www.vupen.com/english/advisories/2009/0422 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0141
https://notcve.org/view.php?id=CVE-2009-0141
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. XTerm en Apple Mac OS X v10.4.11 y v10.5.6, cuando usado con luit, crea dispositivos tty con permisos inseguros de escritura, el cual permite a los usuarios locales escribir a el Xterm de otro usuario. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021729.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33798 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48727 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0018
https://notcve.org/view.php?id=CVE-2009-0018
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory. The Remote Apple Events server en Apple Mac OS X 10.4.11 y 10.5.6 no inicializa apropiadamente un búfer, lo cual permite a los atacantes remotos leer porciones de memoria. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33816 http://www.vupen.com/english/advisories/2009/0422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •