CVSS: 10.0EPSS: 6%CPEs: 114EXPL: 3CVE-2009-1236 – Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1236
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. Desbordamiento de búfer basado en pila en AppleTalk networking stack en XNU v1228.3.13 y anteriores en Apple Mac OS X v10.5.6 permite a atacantes remotos producir una denegación de servicio (caída del sistema) a través de un paquete NOTIFY (también conocido como ZIPOP_NOTIFY) que sobrescribe miembro de estructura ifPort. • https://www.exploit-db.com/exploits/8262 http://secunia.com/advisories/34424 http://www.digit-labs.org/files/exploits/xnu-appletalk-zip.c http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181 http://www.securityfocus.com/bid/34201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0015
https://notcve.org/view.php?id=CVE-2009-0015
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." Vulnerabilidad no especificada en fseventsd en the FSEvents framework en Apple Mac OS X v10.5.6 que permite a los usuarios locales obtener información sensible (actividades de los ficheros del sistema y nombres de directorios) a través de vectores desconocidos relativos a "gestión de credenciales". • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33821 http://www.vupen.com/english/advisories/2009/0422 • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0017
https://notcve.org/view.php?id=CVE-2009-0017
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. csregprinter en el componente Printing de Apple Mac OS X v10.4.11 y v10.5.6, no maneja adecuadamente las condiciones de error, esto permite a usuarios locales ejecutar código de su elección a través de vectores desconocidos que provocan un desbordamiento del búfer basado en montículo. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33811 http://www.vupen.com/english/advisories/2009/0422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2009-0138
https://notcve.org/view.php?id=CVE-2009-0138
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. servermgrd (Server Manager) en Apple Mac OS X v10.5.6 no valida apropiadamente la autenticación de credenciales, el cual permite a los atacantes remotos modificar el sistema de configuración. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33813 http://www.vupen.com/english/advisories/2009/0422 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0011
https://notcve.org/view.php?id=CVE-2009-0011
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. Certificate Assistant en Apple Mac OS X v10.5.6 que permite a los usuarios locales sobrescribir arbitrariamente archivos a través de vectores desconocidos en relación a una "operación de archivo insegura" en un fichero temporal. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://osvdb.org/51979 http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021720.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48715 • CWE-264: Permissions, Privileges, and Access Controls •