CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 0CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 62%CPEs: 18EXPL: 0CVE-2009-0846 – krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002)
https://notcve.org/view.php?id=CVE-2009-0846
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. La función asn1_decode_generaltime en lib/krb5/asn.1/asn1_decode.c en el decodificador ASN.1 GeneralizedTime en MIT Kerberos 5 (también conocido como Krb5) anteriores a v1.6.4, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecución de código de su elección a través de vectores que implican una codificación DER inválida, que provocará una liberación del puntero no inicializado. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.vmware.com/pipermail/security-announce/2009/000059.html http://marc.info/?l=bugtraq&m=124896429301168&w=2 http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://rhn.redhat.com/errata/RHSA-2009-0409.html http://rhn.redhat.com/errata/RHSA-2009-0410.html http://secunia.com/advisories/34594 http://secunia.com/advisories/34598 http://secunia.com/advisories/34617 http://secunia.com/adv • CWE-416: Use After Free CWE-824: Access of Uninitialized Pointer •
CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 3CVE-2009-1238 – Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-1238
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. Condición de carrera en el interfaz HFS vfs sysctl en XNU v1228.8.20 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios locales producir una denegación de servicio (corrupción de la memoria del kernel) mediante la ejecucion simultanea de la ruta de código HFS_SET_PKG_EXTENSIONS en múltiples lineas de ejecución, lo cual es problemático debido a la ausencia de bloqueo de mutex para una variable inespecífica global. • https://www.exploit-db.com/exploits/8265 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-vfssysctl-dos.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34202 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 114EXPL: 5CVE-2009-1237 – Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
https://notcve.org/view.php?id=CVE-2009-1237
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. Múltiples fugas de memoria en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 y anteriores permite a usuarios locales producir una denegación de servicio (consumo de memoria del kernel) a traves de llamadas de sistema (1) SYS_add_profil o (2) SYS___mac_getfsstat manipuladas. • https://www.exploit-db.com/exploits/8263 https://www.exploit-db.com/exploits/8264 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-macfsstat-leak.c http://www.digit-labs.org/files/exploits/xnu-profil-leak.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34202 • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 114EXPL: 4CVE-2009-1235 – Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1235
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. XNU v1228.9.59 y anteriores en Apple Mac OS X v10.5.6 no aplica las restricciones adecuadas entre el espacio del usuario y el manejador HFS IOCTL, lo que permite a usuarios locales sobrescribir la memoria del kernel y conseguir ganar privilegios adjuntando una imagen de un disco HFS+ y realizando ciertos pasos incluyendo llamadas HFS_GET_BOOT_INFO fcntl. • https://www.exploit-db.com/exploits/8266 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html http://secunia.com/advisories/34424 http://secunia.com/advisories/36096 http://support.apple.com/kb/HT3757 http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34203 http:/&# • CWE-264: Permissions, Privileges, and Access Controls •