CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0013
https://notcve.org/view.php?id=CVE-2009-0013
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. dscl en DS Tools den Apple Mac OS X v10.4.11 y v10.5.6, requiere que la contraseña sea proporcionada como argumentos de la línea de comandos, esto permite a usuarios locales ganar privilegios al listar información de los procesos. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021722.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33815 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48717 • CWE-255: Credentials Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0015
https://notcve.org/view.php?id=CVE-2009-0015
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." Vulnerabilidad no especificada en fseventsd en the FSEvents framework en Apple Mac OS X v10.5.6 que permite a los usuarios locales obtener información sensible (actividades de los ficheros del sistema y nombres de directorios) a través de vectores desconocidos relativos a "gestión de credenciales". • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33821 http://www.vupen.com/english/advisories/2009/0422 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2009-0137
https://notcve.org/view.php?id=CVE-2009-0137
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." Vulnerabilidades múltiples no especificadas en Safari RSS en Apple Mac OS X v10.4.11 y v10.5.6, y Windows XP y Vista, que permite a los atacantes remotos ejecutar arbitrariamente JavaScript en la zona de seguridad local a través de una suscripción manipulada: URL, relativa a "asunto de validación de entrada". • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00001.html http://support.apple.com/kb/HT3438 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0011
https://notcve.org/view.php?id=CVE-2009-0011
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. Certificate Assistant en Apple Mac OS X v10.5.6 que permite a los usuarios locales sobrescribir arbitrariamente archivos a través de vectores desconocidos en relación a una "operación de archivo insegura" en un fichero temporal. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://osvdb.org/51979 http://secunia.com/advisories/33937 http://securitytracker.com/alerts/2009/Feb/1021720.html http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.vupen.com/english/advisories/2009/0422 https://exchange.xforce.ibmcloud.com/vulnerabilities/48715 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0014
https://notcve.org/view.php?id=CVE-2009-0014
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. Folder Manager en Apple Mac OS X 10.5.6 usa permisos inseguros por defecto cuando recrea un carpeta Downloads después de que ha sido borrada, lo que permite a los usuarios evitar las restricciones de acceso y lee la carpeta Downloads. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.securityfocus.com/bid/33759 http://www.securityfocus.com/bid/33820 http://www.vupen.com/english/advisories/2009/0422 • CWE-264: Permissions, Privileges, and Access Controls •