CVE-2009-2188
- EPSS 7.93%
- Veröffentlicht 06.08.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:57
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
CVE-2009-2190
- EPSS 4.29%
- Veröffentlicht 06.08.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:58
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
CVE-2009-2191
- EPSS 4.17%
- Veröffentlicht 06.08.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:58
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
CVE-2009-2192
- EPSS 2.51%
- Veröffentlicht 06.08.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:58
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
- EPSS 9.45%
- Veröffentlicht 06.08.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:58
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
CVE-2009-2194
- EPSS 0.4%
- Veröffentlicht 06.08.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:58
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related...
CVE-2009-0151
- EPSS 0.36%
- Veröffentlicht 06.08.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:22
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
CVE-2009-1723
- EPSS 1.38%
- Veröffentlicht 06.08.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:55
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging a...
CVE-2009-2422
- EPSS 3.38%
- Veröffentlicht 10.07.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:25
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows...
CVE-2009-0949
- EPSS 19.63%
- Veröffentlicht 09.06.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:10
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler re...