CVSS: 5.1EPSS: 1%CPEs: 9EXPL: 0CVE-2006-4395
https://notcve.org/view.php?id=CVE-2006-4395
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." Vulnerabilidad no especificada en Quickdraw Manager en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.7 permite a atacantes (locales o remotos dependiendo del contexto) provocar una denegación de servicio ("corrupción de memoria" y caída) mediante una imagen PICT creada artesanalmente que no es manejada adecuadamente por una determinada "operación QuickDraw no soportada". • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016956 http://www.kb.cert.org/vuls/id/346396 http://www.osvdb.org/29274 http://www.securityfocus.com/bid/20271 http://www.us-cert.gov/cas/techalerts/TA06-275A.html http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29299 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4387
https://notcve.org/view.php?id=CVE-2006-4387
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. Apple Mac OS X 10.4 hasta la 10.4.7, cuando un administrador quita en la caja de selección "Permitir al usuario administrador su ordenador" en System Preferences para un usuario, no mueve la cuenta de usuario desde los grupos appserveradm o appserverusr, lo cual todavia permite al usuario manejar aplicaciones WebObjects. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016955 http://www.osvdb.org/29273 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29296 •
CVSS: 5.1EPSS: 3%CPEs: 8EXPL: 0CVE-2006-4391
https://notcve.org/view.php?id=CVE-2006-4391
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. Desbordamiento de búfer en Apple ImageIO sobre Apple Mac OS X 10.4 hasta la 10.4.7 permite a un atacante remoto ejecutar código de su elección a través de una imagen JPEG2000 mal formada. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016953 http://www.kb.cert.org/vuls/id/546772 http://www.osvdb.org/29268 http://www.securityfocus.com/bid/20271 http://www.us-cert.gov/cas/techalerts/TA06-275A.html http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29280 •
CVSS: 3.7EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4393
https://notcve.org/view.php?id=CVE-2006-4393
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. Vulnerabilidad no especificada en LoginWindow en Apple Mac OS X 10.4 hasta 10.4.7, cuando el Cambio Rápido de Usuario está habilitado, permite a usuarios locales obtener acceso a las credenciales Kerberos de otros usuarios. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016959 http://www.osvdb.org/29271 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29290 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4397
https://notcve.org/view.php?id=CVE-2006-4397
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. Condición de error no comprobada en LoginWindow en Apple Mac OSX 10.4 hasta 10.4.7 evita que las credenciales Kerberos sean destruidas si un usuario no accede con éxito a una cuenta de red desde la ventana de inicio de sesión, lo que puede permitir a usuarios posteriores obtener acceso a las credenciales Kerberos del usuario original. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016959 http://www.osvdb.org/29270 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 •