Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-487
Vulnerability from certfr_avis - Published: 2009-11-10 - Updated: 2009-11-10
De multiples vulnérabilités dans Apple MacOS X permettent entre autres l'exécution de code arbitraire à distance.
Description
L'éditeur Apple a publié un ensemble de correctifs pour les applications livrées avec son système d'exploitation Mac OS X. L'exploitation des vulnérabilités par une personne malintentionnée pourrait permettre, entre autres, l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X 10.5 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X 10.6 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.5 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.6.",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nL\u0027\u00e9diteur Apple a publi\u00e9 un ensemble de correctifs pour les applications\nlivr\u00e9es avec son syst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation des\nvuln\u00e9rabilit\u00e9s par une personne malintentionn\u00e9e pourrait permettre,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2832",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2832"
},
{
"name": "CVE-2009-3293",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3293"
},
{
"name": "CVE-2009-2820",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2820"
},
{
"name": "CVE-2009-1890",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
},
{
"name": "CVE-2009-3292",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
},
{
"name": "CVE-2009-2839",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2839"
},
{
"name": "CVE-2009-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2825"
},
{
"name": "CVE-2009-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2810"
},
{
"name": "CVE-2009-2411",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
},
{
"name": "CVE-2009-2408",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2009-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2798"
},
{
"name": "CVE-2007-6698",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
},
{
"name": "CVE-2009-2833",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2833"
},
{
"name": "CVE-2009-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2203"
},
{
"name": "CVE-2009-2823",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2823"
},
{
"name": "CVE-2009-2840",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2840"
},
{
"name": "CVE-2009-2824",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2824"
},
{
"name": "CVE-2009-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2819"
},
{
"name": "CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"name": "CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"name": "CVE-2009-2838",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2838"
},
{
"name": "CVE-2009-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
},
{
"name": "CVE-2009-2818",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2818"
},
{
"name": "CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"name": "CVE-2007-5707",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
},
{
"name": "CVE-2008-0658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
},
{
"name": "CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"name": "CVE-2009-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
},
{
"name": "CVE-2009-1191",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
},
{
"name": "CVE-2009-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2808"
},
{
"name": "CVE-2009-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2830"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2009-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
},
{
"name": "CVE-2009-2829",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2829"
},
{
"name": "CVE-2009-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2826"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
},
{
"name": "CVE-2009-3291",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3291"
},
{
"name": "CVE-2009-2837",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2837"
},
{
"name": "CVE-2009-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
},
{
"name": "CVE-2009-2836",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2836"
},
{
"name": "CVE-2009-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2799"
},
{
"name": "CVE-2009-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
},
{
"name": "CVE-2009-2835",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2835"
},
{
"name": "CVE-2009-2831",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2831"
},
{
"name": "CVE-2009-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3235"
},
{
"name": "CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"name": "CVE-2009-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2828"
},
{
"name": "CVE-2009-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2202"
}
],
"initial_release_date": "2009-11-10T00:00:00",
"last_revision_date": "2009-11-10T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-487",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-11-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT3937 du 09 novembre 2009",
"url": "http://docs.info.apple.com/article.html?artnum=HT3937"
}
]
}
CVE-2009-2824 (GCVE-0-2009-2824)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2824",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2825 (GCVE-0-2009-2825)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2825",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2826 (GCVE-0-2009-2826)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2826",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2828 (GCVE-0-2009-2828)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2828",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2829 (GCVE-0-2009-2829)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a \"log injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a \"log injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2829",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2830 (GCVE-0-2009-2830)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2830",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2831 (GCVE-0-2009-2831)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a \"design issue.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a \"design issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2831",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2832 (GCVE-0-2009-2832)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a \"CWD command line tool.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a \"CWD command line tool.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2832",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:37.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2833 (GCVE-0-2009-2833)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2833",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:36.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2835 (GCVE-0-2009-2835)
Vulnerability from cvelistv5 – Published: 2009-11-10 19:00 – Updated: 2024-08-07 06:07
VLAI
EPSS
Summary
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/36956 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2009/3184 | vdb-entryx_refsource_VUPEN |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT3937 | x_refsource_CONFIRM |
Date Public
2009-11-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-11-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2835",
"datePublished": "2009-11-10T19:00:00.000Z",
"dateReserved": "2009-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:07:37.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…