CVSS: 4.6EPSS: 2%CPEs: 14EXPL: 0CVE-2006-1471
https://notcve.org/view.php?id=CVE-2006-1471
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. Vulnerabilidad de formato de cadena en la función CF_syslog launchd en Apple Mac OS X v10.4 hasta v10.4.6 permite a usuarios locales ejecutar código de su elección a través de especificadores de formato de cadena que no son manejados adecuadamente en una llamada syslog en la facilidad logging, como quedó demostrado usando un fichero plist manipulado. • http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html http://secunia.com/advisories/20877 http://securitytracker.com/id?1016397 http://www.osvdb.org/26933 http://www.securityfocus.com/archive/1/438699/100/0/threaded http://www.securityfocus.com/bid/18686 http://www.securityfocus.com/bid/18724 http://www.vupen.com/english/advisories/2006/2566 https://exchange.xforce.ibmcloud.com/vulnerabilities/27479 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0CVE-2006-1468
https://notcve.org/view.php?id=CVE-2006-1468
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. Vulnerabilidad no especificada en Apple File Protocol (AFP)server en Apple Mac OS X v10.4 actualizado a v10.4.6 incluye el nombre de ficheros con restricción y directorios dentro de resultados de busqueda, lo que puede permitir a atacantes remotos obtener información sensible. • http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html http://secunia.com/advisories/20877 http://securitytracker.com/id?1016395 http://www.osvdb.org/26930 http://www.securityfocus.com/bid/18686 http://www.securityfocus.com/bid/18733 http://www.vupen.com/english/advisories/2006/2566 https://exchange.xforce.ibmcloud.com/vulnerabilities/27477 •
CVSS: 4.0EPSS: 1%CPEs: 2EXPL: 0CVE-2006-1466
https://notcve.org/view.php?id=CVE-2006-1466
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. • http://lists.apple.com/archives/security-announce/2006/May/msg00004.html http://secunia.com/advisories/20267 http://securitytracker.com/id?1016143 http://www.osvdb.org/25889 http://www.securityfocus.com/bid/18091 http://www.vupen.com/english/advisories/2006/1950 https://exchange.xforce.ibmcloud.com/vulnerabilities/26634 •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2006-1450
https://notcve.org/view.php?id=CVE-2006-1450
Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://securitytracker.com/id?1016078 http://www.osvdb.org/25594 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26419 •
CVSS: 7.5EPSS: 14%CPEs: 2EXPL: 0CVE-2006-1449
https://notcve.org/view.php?id=CVE-2006-1449
Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://securitytracker.com/id?1016078 http://www.osvdb.org/25593 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26417 •