Vulnerability-Lookup

CVE-2009-0946 (GCVE-0-2009-0946)

Vulnerability from cvelistv5 – Published: 2009-04-17 00:00 – Updated: 2024-08-07 04:57

Summary

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

39 references

URL	Tags
http://secunia.com/advisories/34967	third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT3639	x_refsource_CONFIRM
http://support.apple.com/kb/HT4435	x_refsource_CONFIRM
http://secunia.com/advisories/34913	third-party-advisoryx_refsource_SECUNIA
http://git.savannah.gnu.org/cgit/freetype/freetyp…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1621	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/34550	vdb-entryx_refsource_BID
http://support.apple.com/kb/HT3549	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.ubuntu.com/usn/USN-767-1	vendor-advisoryx_refsource_UBUNTU
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/35198	third-party-advisoryx_refsource_SECUNIA
http://git.savannah.gnu.org/cgit/freetype/freetyp…	x_refsource_CONFIRM
http://secunia.com/advisories/35074	third-party-advisoryx_refsource_SECUNIA
http://git.savannah.gnu.org/cgit/freetype/freetyp…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1522	vdb-entryx_refsource_VUPEN
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.redhat.com/support/errata/RHSA-2009-10…	vendor-advisoryx_refsource_REDHAT
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/35065	third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1784	vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/35210	third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200905-05.xml	vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/35379	third-party-advisoryx_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=491384	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://git.savannah.gnu.org/cgit/freetype/freetyp…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	third-party-advisoryx_refsource_CERT
http://www.vupen.com/english/advisories/2009/1297	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/35200	third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT3613	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2009-03…	vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/1058	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/35204	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/34723	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-10…	vendor-advisoryx_refsource_REDHAT

Date Public ?

2009-04-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:17.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3639"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "name": "34913",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34913"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"
          },
          {
            "name": "ADV-2009-1621",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1621"
          },
          {
            "name": "34550",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34550"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "MDVSA-2009:243",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"
          },
          {
            "name": "APPLE-SA-2009-06-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "USN-767-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-767-1"
          },
          {
            "name": "270268",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"
          },
          {
            "name": "35198",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35198"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"
          },
          {
            "name": "ADV-2009-1522",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "APPLE-SA-2010-11-10-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
          },
          {
            "name": "RHSA-2009:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
          },
          {
            "name": "APPLE-SA-2009-06-17-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "DSA-1784",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1784"
          },
          {
            "name": "35210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35210"
          },
          {
            "name": "GLSA-200905-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"
          },
          {
            "name": "35379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"
          },
          {
            "name": "oval:org.mitre.oval:def:10149",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "35200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3613"
          },
          {
            "name": "RHSA-2009:0329",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
          },
          {
            "name": "ADV-2009-1058",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1058"
          },
          {
            "name": "35204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35204"
          },
          {
            "name": "34723",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34723"
          },
          {
            "name": "RHSA-2009:1061",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "34967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3639"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4435"
        },
        {
          "name": "34913",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34913"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"
        },
        {
          "name": "ADV-2009-1621",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1621"
        },
        {
          "name": "34550",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34550"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "name": "MDVSA-2009:243",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"
        },
        {
          "name": "APPLE-SA-2009-06-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
        },
        {
          "name": "USN-767-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-767-1"
        },
        {
          "name": "270268",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"
        },
        {
          "name": "35198",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35198"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"
        },
        {
          "name": "ADV-2009-1522",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1522"
        },
        {
          "name": "APPLE-SA-2010-11-10-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
        },
        {
          "name": "RHSA-2009:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
        },
        {
          "name": "APPLE-SA-2009-06-17-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "name": "DSA-1784",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1784"
        },
        {
          "name": "35210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35210"
        },
        {
          "name": "GLSA-200905-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"
        },
        {
          "name": "35379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35379"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"
        },
        {
          "name": "oval:org.mitre.oval:def:10149",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "35200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3613"
        },
        {
          "name": "RHSA-2009:0329",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
        },
        {
          "name": "ADV-2009-1058",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1058"
        },
        {
          "name": "35204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35204"
        },
        {
          "name": "34723",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34723"
        },
        {
          "name": "RHSA-2009:1061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34967"
            },
            {
              "name": "http://support.apple.com/kb/HT3639",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3639"
            },
            {
              "name": "http://support.apple.com/kb/HT4435",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4435"
            },
            {
              "name": "34913",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34913"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e"
            },
            {
              "name": "ADV-2009-1621",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1621"
            },
            {
              "name": "34550",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34550"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "MDVSA-2009:243",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:243"
            },
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "USN-767-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-767-1"
            },
            {
              "name": "270268",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1"
            },
            {
              "name": "35198",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35198"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "APPLE-SA-2010-11-10-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
            },
            {
              "name": "RHSA-2009:1062",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1062.html"
            },
            {
              "name": "APPLE-SA-2009-06-17-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "DSA-1784",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1784"
            },
            {
              "name": "35210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35210"
            },
            {
              "name": "GLSA-200905-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-05.xml"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=491384",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384"
            },
            {
              "name": "oval:org.mitre.oval:def:10149",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149"
            },
            {
              "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "35200",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35200"
            },
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3613"
            },
            {
              "name": "RHSA-2009:0329",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0329.html"
            },
            {
              "name": "ADV-2009-1058",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1058"
            },
            {
              "name": "35204",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35204"
            },
            {
              "name": "34723",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34723"
            },
            {
              "name": "RHSA-2009:1061",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1061.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0946",
    "datePublished": "2009-04-17T00:00:00.000Z",
    "dateReserved": "2009-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:57:17.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-0946",
      "date": "2026-05-24",
      "epss": "0.16376",
      "percentile": "0.9495"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.9\", \"matchCriteriaId\": \"7039ABA3-F36E-4337-8F61-470B2FA1C9EF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C757774-08E7-40AA-B532-6F705C8F7639\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"7EBFE35C-E243-43D1-883D-4398D71763CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4747CC68-FAF4-482F-929A-9DA6C24CB663\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5D026D0-EF78-438D-BEDD-FC8571F3ACEB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C35B68DF-1440-4587-8458-9C5F4D1E43F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B42AB65-443B-4655-BAEA-4EB4A43D9509\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"38C3AEB0-59E2-400A-8943-60C0A223B680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F13F07CC-739B-465C-9184-0E9D708BD4C7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndIncluding\": \"2.2.1\", \"matchCriteriaId\": \"614C28E3-3645-4B20-95E5-42E7F123ADDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.6.0\", \"versionEndIncluding\": \"10.6.4\", \"matchCriteriaId\": \"C6DA1D55-B689-47CF-A55F-3C16DA4EFFFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EE39585-CF3B-4493-96D8-B394544C7643\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1335E35A-D381-4056-9E78-37BC6DF8AD98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.6.0\", \"versionEndIncluding\": \"10.6.4\", \"matchCriteriaId\": \"924AFEE6-E331-4E10-B1B8-1FF1FF801120\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82B4CD59-9F37-4EF0-BA43-427CFD6E1329\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c.\"}]",
      "id": "CVE-2009-0946",
      "lastModified": "2024-11-21T01:01:18.440",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-04-17T00:30:00.250",
      "references": "[{\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34723\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34913\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34967\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35065\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35074\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35198\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35200\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35204\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35210\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35379\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200905-05.xml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://support.apple.com/kb/HT3549\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3613\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3639\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4435\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.debian.org/security/2009/dsa-1784\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:243\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-0329.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1061.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1062.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34550\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-767-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1058\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1297\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1522\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1621\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=491384\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34913\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34967\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35200\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35204\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200905-05.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://support.apple.com/kb/HT3549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3613\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT3639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://support.apple.com/kb/HT4435\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.debian.org/security/2009/dsa-1784\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:243\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-0329.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1061.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1062.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34550\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-767-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1058\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1297\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/1621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=491384\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0946\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-04-17T00:30:00.250\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.9\",\"matchCriteriaId\":\"7039ABA3-F36E-4337-8F61-470B2FA1C9EF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4747CC68-FAF4-482F-929A-9DA6C24CB663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D026D0-EF78-438D-BEDD-FC8571F3ACEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35B68DF-1440-4587-8458-9C5F4D1E43F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B42AB65-443B-4655-BAEA-4EB4A43D9509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C3AEB0-59E2-400A-8943-60C0A223B680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F13F07CC-739B-465C-9184-0E9D708BD4C7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"2.2.1\",\"matchCriteriaId\":\"614C28E3-3645-4B20-95E5-42E7F123ADDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndIncluding\":\"10.6.4\",\"matchCriteriaId\":\"C6DA1D55-B689-47CF-A55F-3C16DA4EFFFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE39585-CF3B-4493-96D8-B394544C7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1335E35A-D381-4056-9E78-37BC6DF8AD98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndIncluding\":\"10.6.4\",\"matchCriteriaId\":\"924AFEE6-E331-4E10-B1B8-1FF1FF801120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82B4CD59-9F37-4EF0-BA43-427CFD6E1329\"}]}]}],\"references\":[{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34723\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34913\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34967\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35065\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35200\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35204\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35210\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200905-05.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3639\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1784\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:243\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0329.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1061.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1062.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34550\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-767-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1058\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1621\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=491384\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200905-05.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT3549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1784\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:243\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0329.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1061.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1062.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-767-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-133A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=491384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTA-2009-AVI-179

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités présentes dans la bibliothèque de fonctions FreeType permet à un utilisateur distant d'exécuter du code arbitraire.

Description

Plusieurs vulnérabilités sont présentes dans la bibliothèque de fonctions FreeType. Une personne malintentionnée peut exploiter ces failles par le biais de polices de caractères construites de façon particulière afin d'exécuter du code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

FreeType versions 2.3.9 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FreeType du 16 avril 2009	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-767-1 du 27 avril 2009 :	-	other
Bulletin de sécurité Debian DSA 1784 du 01 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFreeType versions 2.3.9 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans la biblioth\u00e8que de\nfonctions FreeType. Une personne malintentionn\u00e9e peut exploiter ces\nfailles par le biais de polices de caract\u00e8res construites de fa\u00e7on\nparticuli\u00e8re afin d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-767-1 du 27 avril 2009 :",
      "url": "http://www.ubuntulinux.org/usn/usn-767-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1784 du 01 mai 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1784"
    }
  ],
  "reference": "CERTA-2009-AVI-179",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans la biblioth\u00e8que de fonctions\nFreeType permet \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans FreeType",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FreeType du 16 avril 2009",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"
    }
  ]
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. L'exploitation de certaines d'entre elles peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Elles touchent divers composants et services installés comme CFNetworks (manipulation des échanges HTTP), CoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation de l'URI help:), QuickDraw Manager (manipulation d'images PICT), Safari (manipulation de l'URI feed:), OpenSSL, PHP, WebKit, X11, etc.

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Apple Safari permettant, entre autre, l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Apple Safari ont été corrigées dont :

Des images identifiées comme des fichiers HTML permettent l'exécution automatique de Javascript ;
plusieurs corruptions mémoire affectant le composant CoreGraphics permettent l'exécution de code arbitraire (Microsoft Windows) à distance ;
plusieurs vulnérabilités affectent le composant WebKit et permettent, entre autre, des attaques en XSS ou l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de Safari antérieures à 4.0 pour les systèmes d'exploitation suivants :

Mac OS X 10.4.x ;
Mac OS X 10.5.x ;
Mac OS X Server 10.4.x ;
Mac OS X Server 10.5.x ;
Windows XP ;
Windows Vista.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3613 du 8 juin 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3613 du 08 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions de Safari ant\u00e9rieures \u00e0  4.0 pour les syst\u00e8mes d\u0027exploitation suivants :  \u003cUL\u003e    \u003cLI\u003eMac OS X 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eWindows XP ;\u003c/LI\u003e    \u003cLI\u003eWindows Vista.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es dont :\n\n-   Des images identifi\u00e9es comme des fichiers HTML permettent\n    l\u0027ex\u00e9cution automatique de Javascript ;\n-   plusieurs corruptions m\u00e9moire affectant le composant CoreGraphics\n    permettent l\u0027ex\u00e9cution de code arbitraire (Microsoft Windows) \u00e0\n    distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s affectent le composant WebKit et\n    permettent, entre autre, des attaques en XSS ou l\u0027ex\u00e9cution de code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2783"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1710"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2009-1696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1696"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2009-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1709"
    },
    {
      "name": "CVE-2009-1708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1708"
    },
    {
      "name": "CVE-2009-1704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1704"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1682"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2009-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1705"
    },
    {
      "name": "CVE-2009-1703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1703"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-1712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1712"
    },
    {
      "name": "CVE-2009-1714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1714"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3632"
    },
    {
      "name": "CVE-2009-1681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1681"
    },
    {
      "name": "CVE-2009-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1718"
    },
    {
      "name": "CVE-2008-1588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1588"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1713"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1716"
    },
    {
      "name": "CVE-2009-1706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1706"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2009-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1711"
    },
    {
      "name": "CVE-2008-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4231"
    },
    {
      "name": "CVE-2009-1715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1715"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 08 juin 2009 :",
      "url": "http://support.apple.com/kb/HT3613"
    }
  ],
  "reference": "CERTA-2009-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari permettant, entre autre,\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 8 juin 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-243

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulérabilités permettant de réaliser un grand nombre d'actions malveillantes ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch.

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch. L'exploitation de ces vulnérabilités permet à une personne malveillante de réaliser un grand nombre d'actions, dont l'execution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple iPod Touch Os versions antérieures à la version 3.0.
	Apple	N/A	Apple iPhone Os versions antérieures à la version 3.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3639 du 17 juin 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPod Touch Os versions ant\u00e9rieures \u00e0 la version 3.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iPhone Os versions ant\u00e9rieures \u00e0 la version 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch. L\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s permet \u00e0 une personne malveillante de r\u00e9aliser un grand\nnombre d\u0027actions, dont l\u0027execution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1683"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3623"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1679"
    },
    {
      "name": "CVE-2009-1692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1692"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1680"
    },
    {
      "name": "CVE-2009-0958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0958"
    },
    {
      "name": "CVE-2009-0959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0959"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2009-0961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0961"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vul\u00e9rabilit\u00e9s permettant de r\u00e9aliser un grand nombre\nd\u0027actions malveillantes ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de l\u0027OS iPhone et iPod Touch d\u0027Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3639 du 17 juin 2009",
      "url": "http://support.apple.com/kb/HT3639"
    }
  ]
}

CERTA-2010-AVI-548

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été découvertes dans le système d'exploitation Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X. Notamment :

AFP Server ;
AppKit ;
ATS ;
CFNetwork ;
CoreGraphics ;
CoreText ;
Directory Services ;
diskdev_cmds ;
Disk Images ;
Image Capture ;
ImageIO ;
Image RAW ;
Kernel ;
Networking ;
Password Server ;
Printing ;
QuickLook ;
QuickTime ;
Safari ;
Time Machine ;
Wiki Server ;
xar.

Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, CUPS, Flash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.

Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server 10.6.0 à 10.6.4.
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X 10.6.0 à 10.6.4 ;
N/A	N/A	Mac OS X Server 10.5.8 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2010-007 du 11 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server 10.6.0 \u00e0 10.6.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.0 \u00e0 10.6.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X. Notamment :\n\n-   AFP Server ;\n-   AppKit ;\n-   ATS ;\n-   CFNetwork ;\n-   CoreGraphics ;\n-   CoreText ;\n-   Directory Services ;\n-   diskdev_cmds ;\n-   Disk Images ;\n-   Image Capture ;\n-   ImageIO ;\n-   Image RAW ;\n-   Kernel ;\n-   Networking ;\n-   Password Server ;\n-   Printing ;\n-   QuickLook ;\n-   QuickTime ;\n-   Safari ;\n-   Time Machine ;\n-   Wiki Server ;\n-   xar.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache, CUPS,\nFlash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.\n\nParmi les failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
    },
    {
      "name": "CVE-2010-2167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
    },
    {
      "name": "CVE-2010-2173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
    },
    {
      "name": "CVE-2010-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3783"
    },
    {
      "name": "CVE-2010-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
    },
    {
      "name": "CVE-2010-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
    },
    {
      "name": "CVE-2009-4134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4134"
    },
    {
      "name": "CVE-2010-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1803"
    },
    {
      "name": "CVE-2010-3788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3788"
    },
    {
      "name": "CVE-2010-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
    },
    {
      "name": "CVE-2010-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1846"
    },
    {
      "name": "CVE-2010-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
    },
    {
      "name": "CVE-2010-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2010-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1834"
    },
    {
      "name": "CVE-2010-2499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2499"
    },
    {
      "name": "CVE-2010-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2519"
    },
    {
      "name": "CVE-2010-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2010-2531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
    },
    {
      "name": "CVE-2010-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
    },
    {
      "name": "CVE-2010-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3784"
    },
    {
      "name": "CVE-2010-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1840"
    },
    {
      "name": "CVE-2010-1845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1845"
    },
    {
      "name": "CVE-2010-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
    },
    {
      "name": "CVE-2010-3654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
    },
    {
      "name": "CVE-2010-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
    },
    {
      "name": "CVE-2010-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1849"
    },
    {
      "name": "CVE-2010-1842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1842"
    },
    {
      "name": "CVE-2010-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
    },
    {
      "name": "CVE-2010-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
    },
    {
      "name": "CVE-2010-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1378"
    },
    {
      "name": "CVE-2010-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2497"
    },
    {
      "name": "CVE-2010-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3798"
    },
    {
      "name": "CVE-2010-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
    },
    {
      "name": "CVE-2009-2474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2474"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
    },
    {
      "name": "CVE-2010-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
    },
    {
      "name": "CVE-2010-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3796"
    },
    {
      "name": "CVE-2010-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1850"
    },
    {
      "name": "CVE-2010-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3795"
    },
    {
      "name": "CVE-2010-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
    },
    {
      "name": "CVE-2010-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
    },
    {
      "name": "CVE-2010-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1831"
    },
    {
      "name": "CVE-2010-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
    },
    {
      "name": "CVE-2010-1450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1450"
    },
    {
      "name": "CVE-2010-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
    },
    {
      "name": "CVE-2010-2165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
    },
    {
      "name": "CVE-2010-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
    },
    {
      "name": "CVE-2010-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1844"
    },
    {
      "name": "CVE-2010-2498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2498"
    },
    {
      "name": "CVE-2010-4010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4010"
    },
    {
      "name": "CVE-2010-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3793"
    },
    {
      "name": "CVE-2010-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
    },
    {
      "name": "CVE-2010-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
    },
    {
      "name": "CVE-2010-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
    },
    {
      "name": "CVE-2010-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1847"
    },
    {
      "name": "CVE-2010-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1841"
    },
    {
      "name": "CVE-2010-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
    },
    {
      "name": "CVE-2010-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
    },
    {
      "name": "CVE-2010-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1828"
    },
    {
      "name": "CVE-2010-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0397"
    },
    {
      "name": "CVE-2010-2520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2520"
    },
    {
      "name": "CVE-2008-4546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
    },
    {
      "name": "CVE-2010-1297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
    },
    {
      "name": "CVE-2010-2941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2941"
    },
    {
      "name": "CVE-2010-2187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
    },
    {
      "name": "CVE-2010-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
    },
    {
      "name": "CVE-2010-2884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"
    },
    {
      "name": "CVE-2010-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
    },
    {
      "name": "CVE-2010-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1836"
    },
    {
      "name": "CVE-2010-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3794"
    },
    {
      "name": "CVE-2010-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-2215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
    },
    {
      "name": "CVE-2010-3787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3787"
    },
    {
      "name": "CVE-2010-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1832"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2010-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
    },
    {
      "name": "CVE-2009-2473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2473"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-3789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3789"
    },
    {
      "name": "CVE-2010-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1829"
    },
    {
      "name": "CVE-2010-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
    },
    {
      "name": "CVE-2010-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1848"
    },
    {
      "name": "CVE-2010-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
    },
    {
      "name": "CVE-2010-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
    },
    {
      "name": "CVE-2010-3791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3791"
    },
    {
      "name": "CVE-2010-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1449"
    },
    {
      "name": "CVE-2010-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
    },
    {
      "name": "CVE-2010-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3797"
    },
    {
      "name": "CVE-2010-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1830"
    },
    {
      "name": "CVE-2010-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
    },
    {
      "name": "CVE-2010-2189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
    },
    {
      "name": "CVE-2010-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3792"
    },
    {
      "name": "CVE-2010-2216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
    },
    {
      "name": "CVE-2010-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
    },
    {
      "name": "CVE-2010-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
    },
    {
      "name": "CVE-2010-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1837"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2009-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
    },
    {
      "name": "CVE-2010-2188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
    },
    {
      "name": "CVE-2010-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
    },
    {
      "name": "CVE-2010-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1833"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-2500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2500"
    },
    {
      "name": "CVE-2010-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
    },
    {
      "name": "CVE-2009-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0796"
    },
    {
      "name": "CVE-2010-2186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
    },
    {
      "name": "CVE-2010-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1838"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3785"
    },
    {
      "name": "CVE-2010-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
    },
    {
      "name": "CVE-2010-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0105"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    },
    {
      "name": "CVE-2010-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-548",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation \u003cspan class=\"textit\"\u003eMac OS X\u003c/span\u003e. Leur exploitation\npermet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2010-007 du 11 novembre 2010",
      "url": "http://support.apple.com/kb/HT4435"
    }
  ]
}

CERTA-2009-AVI-179

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités présentes dans la bibliothèque de fonctions FreeType permet à un utilisateur distant d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

FreeType versions 2.3.9 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FreeType du 16 avril 2009	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-767-1 du 27 avril 2009 :	-	other
Bulletin de sécurité Debian DSA 1784 du 01 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFreeType versions 2.3.9 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans la biblioth\u00e8que de\nfonctions FreeType. Une personne malintentionn\u00e9e peut exploiter ces\nfailles par le biais de polices de caract\u00e8res construites de fa\u00e7on\nparticuli\u00e8re afin d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-767-1 du 27 avril 2009 :",
      "url": "http://www.ubuntulinux.org/usn/usn-767-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1784 du 01 mai 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1784"
    }
  ],
  "reference": "CERTA-2009-AVI-179",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans la biblioth\u00e8que de fonctions\nFreeType permet \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans FreeType",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FreeType du 16 avril 2009",
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog"
    }
  ]
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: - Updated:

Description

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité 2009-002 Apple du 12 mai 2009	None	vendor-advisory
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other
Bulletin de sécurité Apple 61798 du 12 mai 2009 :	-	other
Détails concernant la mise à jour de sécurité 2009-002 du 12 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server version 10.4.11 ainsi que celles ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.5.6 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X version 10.4.11 ainsi que celles ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. Elles touchent divers composants et\nservices install\u00e9s comme CFNetworks (manipulation des \u00e9changes HTTP),\nCoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation\nde l\u0027URI help:), QuickDraw Manager (manipulation d\u0027images PICT), Safari\n(manipulation de l\u0027URI feed:), OpenSSL, PHP, WebKit, X11, etc.\n\nL\u0027exploitation de certaines de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 2009-002 de Apple pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0160"
    },
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2009-0846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0846"
    },
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2009-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0847"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2008-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1517"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2008-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0456"
    },
    {
      "name": "CVE-2009-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0943"
    },
    {
      "name": "CVE-2009-0157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0157"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0010"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2008-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1382"
    },
    {
      "name": "CVE-2004-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1185"
    },
    {
      "name": "CVE-2009-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0148"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
    },
    {
      "name": "CVE-2008-3443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3443"
    },
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2009-0025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0025"
    },
    {
      "name": "CVE-2008-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3863"
    },
    {
      "name": "CVE-2008-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2383"
    },
    {
      "name": "CVE-2008-3530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3530"
    },
    {
      "name": "CVE-2009-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0149"
    },
    {
      "name": "CVE-2009-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0154"
    },
    {
      "name": "CVE-2008-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3790"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2009-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0144"
    },
    {
      "name": "CVE-2009-0162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0162"
    },
    {
      "name": "CVE-2008-3655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655"
    },
    {
      "name": "CVE-2004-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1186"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2009-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0114"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2009-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0021"
    },
    {
      "name": "CVE-2009-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0519"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2008-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-0844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0844"
    },
    {
      "name": "CVE-2009-0942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0942"
    },
    {
      "name": "CVE-2009-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0152"
    },
    {
      "name": "CVE-2009-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0156"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0150"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2007-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2754"
    },
    {
      "name": "CVE-2009-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0845"
    },
    {
      "name": "CVE-2009-0944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0944"
    },
    {
      "name": "CVE-2009-0164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0164"
    },
    {
      "name": "CVE-2009-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0520"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-0161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0161"
    },
    {
      "name": "CVE-2008-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0158"
    },
    {
      "name": "CVE-2004-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-1184"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    },
    {
      "name": "CVE-2006-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0747"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3397"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 61798 du 12 mai 2009 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "D\u00e9tails concernant la mise \u00e0 jour de s\u00e9curit\u00e9 2009-002 du    12 mai 2009\u00a0:",
      "url": "http://support.apple.com/kb/HT3549"
    }
  ],
  "reference": "CERTA-2009-AVI-186",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de certaines d\u0027entre elles\npeut conduire \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 2009-002 Apple du 12 mai 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Apple Safari permettant, entre autre, l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Apple Safari ont été corrigées dont :

Des images identifiées comme des fichiers HTML permettent l'exécution automatique de Javascript ;
plusieurs corruptions mémoire affectant le composant CoreGraphics permettent l'exécution de code arbitraire (Microsoft Windows) à distance ;
plusieurs vulnérabilités affectent le composant WebKit et permettent, entre autre, des attaques en XSS ou l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de Safari antérieures à 4.0 pour les systèmes d'exploitation suivants :

Mac OS X 10.4.x ;
Mac OS X 10.5.x ;
Mac OS X Server 10.4.x ;
Mac OS X Server 10.5.x ;
Windows XP ;
Windows Vista.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3613 du 8 juin 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3613 du 08 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions de Safari ant\u00e9rieures \u00e0  4.0 pour les syst\u00e8mes d\u0027exploitation suivants :  \u003cUL\u003e    \u003cLI\u003eMac OS X 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eWindows XP ;\u003c/LI\u003e    \u003cLI\u003eWindows Vista.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es dont :\n\n-   Des images identifi\u00e9es comme des fichiers HTML permettent\n    l\u0027ex\u00e9cution automatique de Javascript ;\n-   plusieurs corruptions m\u00e9moire affectant le composant CoreGraphics\n    permettent l\u0027ex\u00e9cution de code arbitraire (Microsoft Windows) \u00e0\n    distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s affectent le composant WebKit et\n    permettent, entre autre, des attaques en XSS ou l\u0027ex\u00e9cution de code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2783"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1710"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2009-1696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1696"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2009-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1709"
    },
    {
      "name": "CVE-2009-1708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1708"
    },
    {
      "name": "CVE-2009-1704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1704"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1682"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2009-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1705"
    },
    {
      "name": "CVE-2009-1703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1703"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-1712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1712"
    },
    {
      "name": "CVE-2009-1714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1714"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3632"
    },
    {
      "name": "CVE-2009-1681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1681"
    },
    {
      "name": "CVE-2009-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1718"
    },
    {
      "name": "CVE-2008-1588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1588"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1713"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1716"
    },
    {
      "name": "CVE-2009-1706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1706"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2009-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1711"
    },
    {
      "name": "CVE-2008-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4231"
    },
    {
      "name": "CVE-2009-1715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1715"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 08 juin 2009 :",
      "url": "http://support.apple.com/kb/HT3613"
    }
  ],
  "reference": "CERTA-2009-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari permettant, entre autre,\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 8 juin 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-243

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulérabilités permettant de réaliser un grand nombre d'actions malveillantes ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple iPod Touch Os versions antérieures à la version 3.0.
	Apple	N/A	Apple iPhone Os versions antérieures à la version 3.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3639 du 17 juin 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPod Touch Os versions ant\u00e9rieures \u00e0 la version 3.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iPhone Os versions ant\u00e9rieures \u00e0 la version 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch. L\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s permet \u00e0 une personne malveillante de r\u00e9aliser un grand\nnombre d\u0027actions, dont l\u0027execution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1683"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3623"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1679"
    },
    {
      "name": "CVE-2009-1692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1692"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1680"
    },
    {
      "name": "CVE-2009-0958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0958"
    },
    {
      "name": "CVE-2009-0959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0959"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2009-0961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0961"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vul\u00e9rabilit\u00e9s permettant de r\u00e9aliser un grand nombre\nd\u0027actions malveillantes ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de l\u0027OS iPhone et iPod Touch d\u0027Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3639 du 17 juin 2009",
      "url": "http://support.apple.com/kb/HT3639"
    }
  ]
}

CERTA-2010-AVI-548

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été découvertes dans le système d'exploitation Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X. Notamment :

AFP Server ;
AppKit ;
ATS ;
CFNetwork ;
CoreGraphics ;
CoreText ;
Directory Services ;
diskdev_cmds ;
Disk Images ;
Image Capture ;
ImageIO ;
Image RAW ;
Kernel ;
Networking ;
Password Server ;
Printing ;
QuickLook ;
QuickTime ;
Safari ;
Time Machine ;
Wiki Server ;
xar.

Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server 10.6.0 à 10.6.4.
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X 10.6.0 à 10.6.4 ;
N/A	N/A	Mac OS X Server 10.5.8 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2010-007 du 11 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server 10.6.0 \u00e0 10.6.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.0 \u00e0 10.6.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X. Notamment :\n\n-   AFP Server ;\n-   AppKit ;\n-   ATS ;\n-   CFNetwork ;\n-   CoreGraphics ;\n-   CoreText ;\n-   Directory Services ;\n-   diskdev_cmds ;\n-   Disk Images ;\n-   Image Capture ;\n-   ImageIO ;\n-   Image RAW ;\n-   Kernel ;\n-   Networking ;\n-   Password Server ;\n-   Printing ;\n-   QuickLook ;\n-   QuickTime ;\n-   Safari ;\n-   Time Machine ;\n-   Wiki Server ;\n-   xar.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache, CUPS,\nFlash Player, gzip, MySQL, OpenLDAP, OpenSSL, PHP, python, X11.\n\nParmi les failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3793"
    },
    {
      "name": "CVE-2010-2167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2167"
    },
    {
      "name": "CVE-2010-2173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2173"
    },
    {
      "name": "CVE-2010-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3783"
    },
    {
      "name": "CVE-2010-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2163"
    },
    {
      "name": "CVE-2010-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3642"
    },
    {
      "name": "CVE-2009-4134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4134"
    },
    {
      "name": "CVE-2010-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1803"
    },
    {
      "name": "CVE-2010-3788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3788"
    },
    {
      "name": "CVE-2010-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3638"
    },
    {
      "name": "CVE-2010-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1846"
    },
    {
      "name": "CVE-2010-2484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
    },
    {
      "name": "CVE-2010-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3640"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2010-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1834"
    },
    {
      "name": "CVE-2010-2499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2499"
    },
    {
      "name": "CVE-2010-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2519"
    },
    {
      "name": "CVE-2010-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3646"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2010-2531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
    },
    {
      "name": "CVE-2010-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2170"
    },
    {
      "name": "CVE-2010-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3784"
    },
    {
      "name": "CVE-2010-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1840"
    },
    {
      "name": "CVE-2010-1845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1845"
    },
    {
      "name": "CVE-2010-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3639"
    },
    {
      "name": "CVE-2010-3654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3654"
    },
    {
      "name": "CVE-2010-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3643"
    },
    {
      "name": "CVE-2010-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1849"
    },
    {
      "name": "CVE-2010-1842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1842"
    },
    {
      "name": "CVE-2010-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2176"
    },
    {
      "name": "CVE-2010-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3650"
    },
    {
      "name": "CVE-2010-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1378"
    },
    {
      "name": "CVE-2010-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2497"
    },
    {
      "name": "CVE-2010-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3798"
    },
    {
      "name": "CVE-2010-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2162"
    },
    {
      "name": "CVE-2009-2474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2474"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2172"
    },
    {
      "name": "CVE-2010-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2181"
    },
    {
      "name": "CVE-2010-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3796"
    },
    {
      "name": "CVE-2010-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1850"
    },
    {
      "name": "CVE-2010-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3795"
    },
    {
      "name": "CVE-2010-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2160"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3644"
    },
    {
      "name": "CVE-2010-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2179"
    },
    {
      "name": "CVE-2010-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1831"
    },
    {
      "name": "CVE-2010-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3647"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-2214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2214"
    },
    {
      "name": "CVE-2010-1450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1450"
    },
    {
      "name": "CVE-2010-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
    },
    {
      "name": "CVE-2010-2165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2165"
    },
    {
      "name": "CVE-2010-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2171"
    },
    {
      "name": "CVE-2010-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1844"
    },
    {
      "name": "CVE-2010-2498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2498"
    },
    {
      "name": "CVE-2010-4010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4010"
    },
    {
      "name": "CVE-2010-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3793"
    },
    {
      "name": "CVE-2010-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0209"
    },
    {
      "name": "CVE-2010-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2182"
    },
    {
      "name": "CVE-2010-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3649"
    },
    {
      "name": "CVE-2010-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1847"
    },
    {
      "name": "CVE-2010-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1841"
    },
    {
      "name": "CVE-2010-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2175"
    },
    {
      "name": "CVE-2010-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2180"
    },
    {
      "name": "CVE-2010-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1828"
    },
    {
      "name": "CVE-2010-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0397"
    },
    {
      "name": "CVE-2010-2520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2520"
    },
    {
      "name": "CVE-2008-4546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4546"
    },
    {
      "name": "CVE-2010-1297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1297"
    },
    {
      "name": "CVE-2010-2941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2941"
    },
    {
      "name": "CVE-2010-2187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2187"
    },
    {
      "name": "CVE-2010-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2164"
    },
    {
      "name": "CVE-2010-2884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2884"
    },
    {
      "name": "CVE-2010-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3636"
    },
    {
      "name": "CVE-2010-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1836"
    },
    {
      "name": "CVE-2010-3794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3794"
    },
    {
      "name": "CVE-2010-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2161"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-2215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2215"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2178"
    },
    {
      "name": "CVE-2010-3787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3787"
    },
    {
      "name": "CVE-2010-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1832"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2010-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2177"
    },
    {
      "name": "CVE-2009-2473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2473"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-3789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3789"
    },
    {
      "name": "CVE-2010-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1829"
    },
    {
      "name": "CVE-2010-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2166"
    },
    {
      "name": "CVE-2010-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1848"
    },
    {
      "name": "CVE-2010-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3645"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2184"
    },
    {
      "name": "CVE-2010-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3648"
    },
    {
      "name": "CVE-2010-3791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3791"
    },
    {
      "name": "CVE-2010-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1449"
    },
    {
      "name": "CVE-2010-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3976"
    },
    {
      "name": "CVE-2010-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3797"
    },
    {
      "name": "CVE-2010-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1830"
    },
    {
      "name": "CVE-2010-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3641"
    },
    {
      "name": "CVE-2010-2189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2189"
    },
    {
      "name": "CVE-2010-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3792"
    },
    {
      "name": "CVE-2010-2216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2216"
    },
    {
      "name": "CVE-2010-2174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2174"
    },
    {
      "name": "CVE-2010-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2169"
    },
    {
      "name": "CVE-2010-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1837"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2009-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
    },
    {
      "name": "CVE-2010-2188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2188"
    },
    {
      "name": "CVE-2010-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2185"
    },
    {
      "name": "CVE-2010-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1833"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-2500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2500"
    },
    {
      "name": "CVE-2010-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2213"
    },
    {
      "name": "CVE-2009-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0796"
    },
    {
      "name": "CVE-2010-2186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2186"
    },
    {
      "name": "CVE-2010-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1838"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3785"
    },
    {
      "name": "CVE-2010-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2183"
    },
    {
      "name": "CVE-2010-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0105"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    },
    {
      "name": "CVE-2010-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3652"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-548",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation \u003cspan class=\"textit\"\u003eMac OS X\u003c/span\u003e. Leur exploitation\npermet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2010-007 du 11 novembre 2010",
      "url": "http://support.apple.com/kb/HT4435"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0946 (GCVE-0-2009-0946)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature