CVSS: 7.5EPSS: 41%CPEs: 32EXPL: 2CVE-2006-1982 – Apple Mac OSX 10.x - LZWDecodeVector '.tiff' Overflow
https://notcve.org/view.php?id=CVE-2006-1982
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. Desbodamiento de búfer basado en el montón en la función LZWDecodeVector en Mac OS X anteriores a 10.4.6, como se usa en aplicaciones que utilizan 'ImageIO' o 'AppKit', permite a atacantes remotos ejecutar código de su elección mediante imágenes TIFF artesanales. • https://www.exploit-db.com/exploits/27714 http://docs.info.apple.com/article.html?artnum=303411 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/19686 http://secunia.com/advisories/20077 http://www.osvdb.org/31837 http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233 http://www.security-protocols.com/sp-x24-advisory.php http://www.securityfocus.com/bid/17634 http://www.securityfocus.com/bid/17951 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 10%CPEs: 32EXPL: 1CVE-2006-1984
https://notcve.org/view.php?id=CVE-2006-1984
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/19686 http://secunia.com/advisories/20077 http://www.security-protocols.com/modules.php?name=News&file=article&sid=3233 http://www.security-protocols.com/sp-x29-advisory.php http://www.securityfocus.com/bid/17634 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1452 http://www.vupen. •
CVSS: 4.6EPSS: 0%CPEs: 68EXPL: 1CVE-2006-1220
https://notcve.org/view.php?id=CVE-2006-1220
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. • http://www.felinemenace.org/~nemo http://www.osvdb.org/28453 http://www.securityfocus.com/bid/17056 •
CVSS: 1.7EPSS: 0%CPEs: 32EXPL: 0CVE-2006-0386
https://notcve.org/view.php?id=CVE-2006-0386
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. • http://docs.info.apple.com/article.html?artnum=303382 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://secunia.com/advisories/19064 http://www.osvdb.org/23642 http://www.securityfocus.com/bid/16907 http://www.us-cert.gov/cas/techalerts/TA06-062A.html http://www.vupen.com/english/advisories/2006/0791 https://exchange.xforce.ibmcloud.com/vulnerabilities/25024 •
CVSS: 2.6EPSS: 1%CPEs: 32EXPL: 0CVE-2006-0388
https://notcve.org/view.php?id=CVE-2006-0388
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. • http://docs.info.apple.com/article.html?artnum=303382 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://secunia.com/advisories/19064 http://securitytracker.com/id?1015713 http://www.securityfocus.com/bid/16907 http://www.us-cert.gov/cas/techalerts/TA06-062A.html http://www.vupen.com/english/advisories/2006/0791 https://exchange.xforce.ibmcloud.com/vulnerabilities/25038 • CWE-94: Improper Control of Generation of Code ('Code Injection') •