CVSS: 10.0EPSS: 8%CPEs: 114EXPL: 3CVE-2009-1236 – Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1236
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. Desbordamiento de búfer basado en pila en AppleTalk networking stack en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 permite a atacantes remotos producir una denegación de servicio (caída del sistema) a través de un paquete NOTIFY (también conocido como ZIPOP_NOTIFY) que sobrescribe miembro de estructura ifPort. • https://www.exploit-db.com/exploits/8262 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2009-0009
https://notcve.org/view.php?id=CVE-2009-0009
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. Vulnerabilidad no especificada en Pixlet codec en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y posiblemente una ejecución arbitraria de código a través de archivos de vídeo manipuladas que lanzan una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://osvdb.org/51980 http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021718.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48713 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2009-0020
https://notcve.org/view.php?id=CVE-2009-0020
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. Vulnerabilidad no especificada en CarbonCore en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los atacantes remotos causar una denegación de servicios (terminación de la aplicación) y ejecuta arbitrariamente código a través de bifurcación de recurso manipulada que lanza una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.vupen.com/english/advisories/2009/0422 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0141
https://notcve.org/view.php?id=CVE-2009-0141
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. XTerm en Apple Mac OS X v10.4.11 y v10.5.6, cuando usado con luit, crea dispositivos tty con permisos inseguros de escritura, el cual permite a los usuarios locales escribir a el Xterm de otro usuario. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021729.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33798 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48727 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0140
https://notcve.org/view.php?id=CVE-2009-0140
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name. Vulnerabilidad no especificada en el componente SMB en Apple Mac OS X v10.4.11 y v10.5.6 que permite a los servidores SMB remotos causar una denegación de servicios (agotamiento de memoria y caída del sistema) a través de nombres de ficheros del sistema manipulados. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.vupen.com/english/advisories/2009/0422 • CWE-399: Resource Management Errors •