Apple : Security Vulnerabilities, CVEs, Published In 2009 (Denial of service)
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
Max CVSS
9.3
EPSS Score
1.16%
Published
2009-12-03
Updated
2017-08-17
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Max CVSS
5.0
EPSS Score
5.39%
Published
2009-11-24
Updated
2024-02-15
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
8.45%
Published
2009-11-20
Updated
2024-02-02
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
Max CVSS
9.3
EPSS Score
0.25%
Published
2009-11-13
Updated
2017-09-19
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
Max CVSS
5.0
EPSS Score
52.64%
Published
2009-09-21
Updated
2017-09-19
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
Max CVSS
4.3
EPSS Score
1.13%
Published
2009-09-21
Updated
2017-09-19
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.25%
Published
2009-11-10
Updated
2009-12-19
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
Max CVSS
6.8
EPSS Score
0.95%
Published
2009-11-10
Updated
2009-11-17
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
Max CVSS
6.8
EPSS Score
2.22%
Published
2009-11-10
Updated
2017-09-19
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
Max CVSS
4.6
EPSS Score
0.04%
Published
2009-11-10
Updated
2009-11-17
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.31%
Published
2009-11-10
Updated
2009-11-17
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
Max CVSS
5.1
EPSS Score
0.95%
Published
2009-11-10
Updated
2009-11-17
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
Max CVSS
6.8
EPSS Score
0.95%
Published
2009-11-10
Updated
2009-11-17
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.
Max CVSS
5.0
EPSS Score
0.77%
Published
2009-11-10
Updated
2009-11-17
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.91%
Published
2009-11-10
Updated
2009-11-17
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
Max CVSS
6.8
EPSS Score
1.01%
Published
2009-11-10
Updated
2009-11-17
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
0.76%
Published
2009-11-10
Updated
2009-11-17
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
Max CVSS
9.3
EPSS Score
0.21%
Published
2009-11-10
Updated
2009-11-17
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
Max CVSS
9.3
EPSS Score
2.83%
Published
2009-09-24
Updated
2017-09-19
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
Max CVSS
7.8
EPSS Score
0.23%
Published
2009-09-10
Updated
2009-09-24
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
Max CVSS
6.8
EPSS Score
3.37%
Published
2009-09-14
Updated
2017-08-17
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
2.03%
Published
2009-09-14
Updated
2017-08-17
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
2.44%
Published
2009-09-14
Updated
2017-08-17
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
Max CVSS
6.8
EPSS Score
0.29%
Published
2009-09-14
Updated
2017-08-17
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
Max CVSS
6.8
EPSS Score
0.26%
Published
2009-09-11
Updated
2017-08-17