CVE-2009-0141
- EPSS 0.3%
- Veröffentlicht 13.02.2009 00:30:05
- Zuletzt bearbeitet 16.06.2026 23:04:20
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.
CVE-2009-0011
- EPSS 0.29%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:04
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.
- EPSS 5.43%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:04
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
CVE-2009-0013
- EPSS 0.32%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:04
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
CVE-2009-0014
- EPSS 0.35%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:05
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.
CVE-2009-0015
- EPSS 0.32%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:05
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
CVE-2009-0017
- EPSS 0.45%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:05
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.
CVE-2009-0018
- EPSS 2.52%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:05
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.
CVE-2009-0019
- EPSS 2.12%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:05
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.
CVE-2009-0020
- EPSS 2.9%
- Veröffentlicht 13.02.2009 00:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:05
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.