CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2006-4887
https://notcve.org/view.php?id=CVE-2006-4887
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. Apple Remote Desktop (ARD) para Mac OS X 10.2.8 y posteriores no quita privilegios en la máquina remota al instalar ciertas aplicaciones, lo cual permite a usuarios locales evitar la autenticación y obtener privilegios seleccionando el icono durante la instalación. NOTA: Se podría discutir que esta vulnerabilidad no se produce en el mismo Remote Desktop, si no en aplicaciones que son instaladas cuando se está usando. • http://www.osvdb.org/32260 http://www.securityfocus.com/archive/1/446371/100/0/threaded http://www.securityfocus.com/archive/1/446751/100/0/threaded http://www.securityfocus.com/archive/1/447043/100/0/threaded http://www.securityfocus.com/bid/20092 https://exchange.xforce.ibmcloud.com/vulnerabilities/29060 •
CVSS: 4.6EPSS: 0%CPEs: 72EXPL: 1CVE-2006-4866 – Apple Mac OSX 10.x - KExtLoad Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-4866
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. Desbordamiento de buffer en kextload en Apple OS X, como ha sido usado por TDIXSupport en Roxio Toast Titanium y posiblemente otros productos, permite a usuarios locales ejecutar código de su elección vía un argumento con extensión larga. • https://www.exploit-db.com/exploits/28578 http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049452.html http://www.netragard.com/pdfs/research/apple-kext-tools-20060822.txt http://www.securityfocus.com/bid/20034 •
CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories&#x • CWE-617: Reachable Assertion •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-3499
https://notcve.org/view.php?id=CVE-2006-3499
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. El enlazador dinámico (dyld) en Apple Mac OS X 10.3.9 permite a usuarios locales obtener información sensible a través de opciones de enlazadores dinámicos no especificados que afectan al uso del error estandar (stderr) a aplicaciones privilegiadas. • http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://secunia.com/advisories/21253 http://www.osvdb.org/27737 http://www.securityfocus.com/bid/19289 http://www.us-cert.gov/cas/techalerts/TA06-214A.html http://www.vupen.com/english/advisories/2006/3101 https://exchange.xforce.ibmcloud.com/vulnerabilities/28140 •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2006-3505
https://notcve.org/view.php?id=CVE-2006-3505
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. WebKit en Apple Mac OS X 10.3.9 y 10.4.7 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección a través de documentos HTML manipulados que provocan que WebKit acceda a un objeto que se ha desasignado ya. • http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://secunia.com/advisories/21253 http://www.kb.cert.org/vuls/id/566132 http://www.osvdb.org/27744 http://www.securityfocus.com/bid/19289 http://www.us-cert.gov/cas/techalerts/TA06-214A.html http://www.vupen.com/english/advisories/2006/3101 https://exchange.xforce.ibmcloud.com/vulnerabilities/28149 •