CVSS: 5.1EPSS: 3%CPEs: 8EXPL: 0CVE-2006-4391
https://notcve.org/view.php?id=CVE-2006-4391
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. Desbordamiento de búfer en Apple ImageIO sobre Apple Mac OS X 10.4 hasta la 10.4.7 permite a un atacante remoto ejecutar código de su elección a través de una imagen JPEG2000 mal formada. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016953 http://www.kb.cert.org/vuls/id/546772 http://www.osvdb.org/29268 http://www.securityfocus.com/bid/20271 http://www.us-cert.gov/cas/techalerts/TA06-275A.html http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29280 •
CVSS: 3.7EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4393
https://notcve.org/view.php?id=CVE-2006-4393
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. Vulnerabilidad no especificada en LoginWindow en Apple Mac OS X 10.4 hasta 10.4.7, cuando el Cambio Rápido de Usuario está habilitado, permite a usuarios locales obtener acceso a las credenciales Kerberos de otros usuarios. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016959 http://www.osvdb.org/29271 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29290 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4397
https://notcve.org/view.php?id=CVE-2006-4397
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. Condición de error no comprobada en LoginWindow en Apple Mac OSX 10.4 hasta 10.4.7 evita que las credenciales Kerberos sean destruidas si un usuario no accede con éxito a una cuenta de red desde la ventana de inicio de sesión, lo que puede permitir a usuarios posteriores obtener acceso a las credenciales Kerberos del usuario original. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016959 http://www.osvdb.org/29270 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2006-4394
https://notcve.org/view.php?id=CVE-2006-4394
A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. Un error lógico en LoginWindow en Apple Mac OS X 10.4 hasta 10.4.7, permite a cuentas de red sin GUIDs (Identificadores Globales Únicos) evitar los controles de acceso a servicios y acceder al sistema usando loginwindow mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016959 http://www.kb.cert.org/vuls/id/897628 http://www.osvdb.org/29272 http://www.securityfocus.com/bid/20271 http://www.us-cert.gov/cas/techalerts/TA06-275A.html http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29293 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2006-4392 – Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)
https://notcve.org/view.php?id=CVE-2006-4392
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. El núcleo Mach, usado en sistemas operativos que incluyen (1) Mac OS X 10.4 hata 10.4.7 y (2) OpenStep anterior a 4.2, permite a usuarios locales escalar privilegios mediante un proceso padre que fuerza una excepción en un hijo con setuid activado y usa puertos de excepción de Mach para modificar el contexto de hilo y el espacio de dierccionamiento de tarea del hijo de forma que provoca que el hijo llame a una función controlada por el padre. • https://www.exploit-db.com/exploits/2464 https://www.exploit-db.com/exploits/2463 http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securityreason.com/securityalert/1663 http://securitytracker.com/id?1016954 http://www.kb.cert.org/vuls/id/838404 http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation http://www.osvdb.org/29269 http://www.securityfocus.com/archive/1/4 •