CVSS: 5.0EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2818
https://notcve.org/view.php?id=CVE-2009-2818
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). Adaptive Firewall en Apple Mac OS X anterior a v10.6.2 no maneja adecuadamente los nombres de usuario no válidos en los intentos de login SSH, lo que facilita a atacantes remotos obtener acceso mediante un ataque de fuerza bruta (también conocido como ataque por diccionario). • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2824
https://notcve.org/view.php?id=CVE-2009-2824
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. Múltiples desbordamiento de búfer en Apple Type Services (ATS) en Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código de su elección a través de fuentes manipuladas embebidas en un documento. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2834
https://notcve.org/view.php?id=CVE-2009-2834
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. IOKit en Apple Mac OS X anterior v10.6.2 permite a usuarios locales modificar el firmware de (1) USB o (2) teclado Bluetooth a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2819
https://notcve.org/view.php?id=CVE-2009-2819
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. AFP Client in Apple Mac OS X v10.5.8, permite a servidores AFP ejecutar comandos de su elección o provocar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 1CVE-2009-2820 – CUPS - 'kerberos' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2820
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. CUPS en Apple Mac OS X anterior a v10.6.2no maneja adecuadamente (1) las cabeceras HTTP y (2) las plantillas HTML, lo que permite a atacantes remotos dirigir ataques de petición de sitios cruzados (XSS) y ataques de separación de respuesta HTTP a través de vectores relacionados con (a) la interfaz web del producto, (b) la configuración del sistema de impresión, y (c) los títulos de los trabajos impresos. • https://www.exploit-db.com/exploits/10001 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://secunia.com/advisories/37308 http://secunia.com/advisories/37360 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1 http://support.apple.com/kb/HT3937 http://www.cups.org/articles.php?L590 http://www.cups.org/documentation.php/relnotes.html http://www.cups.org/str.php?L3367 http://www.mandriva.com/security/advisories?name=MDVSA-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •