CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4399
https://notcve.org/view.php?id=CVE-2006-4399
02 Oct 2006 — User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. Inconsistencia de interfaz de usuario en el Administrador de Grupos de Trabajo (Workgroup Manager) en Apple Mac OS X 10.4 hasta 10.4.7 aparece para permitir a los adminis... • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4387
https://notcve.org/view.php?id=CVE-2006-4387
02 Oct 2006 — Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. Apple Mac OS X 10.4 hasta la 10.4.7, cuando un administrador quita en la caja de selección "Permitir al usuario administrador su ordenador" en System Preferences para un usuario, no mueve la cuenta de usuario desde... • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4397
https://notcve.org/view.php?id=CVE-2006-4397
02 Oct 2006 — Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. Condición de error no comprobada en LoginWindow en Apple Mac OSX 10.4 hasta 10.4.7 evita que las credenciales Kerberos sean destruidas si un usuario no accede con éxito a una cuenta de red desde la ventana de inicio d... • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4394
https://notcve.org/view.php?id=CVE-2006-4394
02 Oct 2006 — A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. Un error lógico en LoginWindow en Apple Mac OS X 10.4 hasta 10.4.7, permite a cuentas de red sin GUIDs (Identificadores Globales Únicos) evitar los controles de acceso a servicios y acceder al sistema usando loginwindow mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 0CVE-2006-4391
https://notcve.org/view.php?id=CVE-2006-4391
02 Oct 2006 — Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. Desbordamiento de búfer en Apple ImageIO sobre Apple Mac OS X 10.4 hasta la 10.4.7 permite a un atacante remoto ejecutar código de su elección a través de una imagen JPEG2000 mal formada. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4393
https://notcve.org/view.php?id=CVE-2006-4393
02 Oct 2006 — Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. Vulnerabilidad no especificada en LoginWindow en Apple Mac OS X 10.4 hasta 10.4.7, cuando el Cambio Rápido de Usuario está habilitado, permite a usuarios locales obtener acceso a las credenciales Kerberos de otros usuarios. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2006-4390
https://notcve.org/view.php?id=CVE-2006-4390
02 Oct 2006 — CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. CFNetwork en Apple Mac OS X 10.4 hasta la 10.4.7 y 10.3.9, permite a un sitio SSL remoto aparacer como un sitio verdadero a través del uso de codificación sin validación, lo cual puede provocar que el icono de cerradura en Safari se muestre siempre y cu... • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2006-4392 – Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)
https://notcve.org/view.php?id=CVE-2006-4392
02 Oct 2006 — The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. El núcleo Mach, usado en sistemas operativos que incluyen (1) Mac OS X 10.4 hata 10.4.7 y (2) OpenStep anterior a 4.2, permite a usua... • https://www.exploit-db.com/exploits/2464 •
CVSS: 9.3EPSS: 86%CPEs: 6EXPL: 4CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
27 Sep 2006 — Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especif... • https://github.com/bigb0x/CVE-2024-6387 • CWE-415: Double Free •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 1CVE-2006-3507 – Apple Mac OSX 10.x - AirPort Wireless Driver Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-3507
21 Sep 2006 — Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. Múltiples desbordamientos de búfer basados en pila en el controlador wireless AirPort en Apple Mac OS X 10.3.9 y 10.4.7 permiten a atacantes físicamente próximos ejecutar código de su elección inyectando tramas artesanales dentro de la red wireless. • https://www.exploit-db.com/exploits/28643 •