CVE-2006-4407
https://notcve.org/view.php?id=CVE-2006-4407
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic.
• http://docs.info.apple.com/article.html?artnum=304829
• http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
• http://secunia.com/advisories/23155
• http://securitytracker.com/id?1017298
• http://www.kb.cert.org/vuls/id/734032
• http://www.osvdb.org/30731
• http://www.securityfocus.com/bid/21335
• http://www.us-cert.gov/cas/techalerts/TA06-333A.html
• http://www.vupen.com/english/advisories/2006/4750
CVE-2006-4409
https://notcve.org/view.php?id=CVE-2006-4409
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
• http://docs.info.apple.com/article.html?artnum=304829
• http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
• http://secunia.com/advisories/23155
• http://securitytracker.com/id?1017298
• http://www.kb.cert.org/vuls/id/811384
• http://www.osvdb.org/30729
• http://www.securityfocus.com/bid/21335
• http://www.us-cert.gov/cas/techalerts/TA06-333A.html
• http://www.vupen.com/english/advisories/2006/4750
CVE-2006-4404
https://notcve.org/view.php?id=CVE-2006-4404
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
• http://docs.info.apple.com/article.html?artnum=304829
• http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
• http://secunia.com/advisories/23155
• http://securitytracker.com/id?1017304
• http://www.osvdb.org/30733
• http://www.securityfocus.com/bid/21335
• http://www.us-cert.gov/cas/techalerts/TA06-333A.html
• http://www.vupen.com/english/advisories/2006/4750
CVE-2006-6015 – Apple Safari 2.0.4 - JavaScript Regular Expression Match Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-6015
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
• https://www.exploit-db.com/exploits/29007
• http://www.securityfocus.com/archive/1/451542/100/0/threaded
• http://www.securityfocus.com/archive/1/451823/100/0/threaded
• http://www.securityfocus.com/bid/21053
CVE-2006-4399
https://notcve.org/view.php?id=CVE-2006-4399
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
• http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
• http://secunia.com/advisories/22187
• http://securitytracker.com/id?1016958
• http://www.kb.cert.org/vuls/id/847468
• http://www.osvdb.org/29276
• http://www.securityfocus.com/bid/20271
• http://www.us-cert.gov/cas/techalerts/TA06-275A.html
• http://www.vupen.com/english/advisories/2006/3852
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29302