CVSS: 5.0EPSS: 2%CPEs: 9EXPL: 0CVE-2006-4409
https://notcve.org/view.php?id=CVE-2006-4409
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. El servicio Online Certificate Status Protocol (OCSP) en el Security Framework en Apple Mac OS X 10.4 hasta 10.4.8 recupera listas de revocación de certificados (CRL) cuando un proxy HTTP está en uso, lo cual podría causar que el sistema acepte certificados que han sido revocados. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017298 http://www.kb.cert.org/vuls/id/811384 http://www.osvdb.org/30729 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6173 – Apple Mac OSX 10.4.x - 'Shared_Region_Make_Private_Np' Kernel Function Local Memory Corruption
https://notcve.org/view.php?id=CVE-2006-6173
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. Desbordamiento de búfer en la función shared_region_make_private_np de vm/vm_unix.c de Mac OS X 10.4.6 y versiones anteriores permite a usuarios locales ejecutar código de su elección mediante (1) un contador de rango pequeño, que provoca insuficiencia de reserva de memoria, ó (2) un gran número de rangos en el parámetro shared_region_make_private_np_args. • https://www.exploit-db.com/exploits/29201 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://projects.info-pull.com/mokb/MOKB-28-11-2006.html http://secunia.com/advisories/23120 http://secunia.com/advisories/24479 http://securitytracker.com/id?1017306 http://www.securityfocus.com/bid/21349 http://www.securitytracker.com/id?1017751 http://www.us-cert.gov/cas/techalerts/TA07-072A.html http:& •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4396
https://notcve.org/view.php?id=CVE-2006-4396
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. El servidor Apple Type Services (ATS) en Mac OS X 10.4.8 y anteriores no crea archivos de registro de forma segura, lo que permite a atacantes remotos crear y modificar archivos de su elección a través de vectores no especificados, posiblemente relacionados con un ataque de enlace simbólico (symlink attack). • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017301 http://www.kb.cert.org/vuls/id/323424 http://www.osvdb.org/30739 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •
CVSS: 6.8EPSS: 6%CPEs: 19EXPL: 0CVE-2006-4412
https://notcve.org/view.php?id=CVE-2006-4412
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. WebKit de Apple Mac OS X 10.3.x hasta 10.3.9 y 10.4 hasta 10.4.8 permite a atacantes remotos ejecutar código de su elección mediante un archivo HTML manipulado, que accede a objetos previamente liberados (deallocated). • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017304 http://www.kb.cert.org/vuls/id/848960 http://www.osvdb.org/30726 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 https://exchange.xforce.ibmcloud.com/vulnerabilities/30645 •
CVSS: 5.1EPSS: 4%CPEs: 1EXPL: 0CVE-2006-4401
https://notcve.org/view.php?id=CVE-2006-4401
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. Vulnerabilidad no especificada en CFNetwork en Mac OS 10.4.8 y versiones anteriores permite a atacantes remotos con la intervención del usuario ejecutar comandos FTP de su elección mediante una URI FTP manipulada. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017302 http://www.kb.cert.org/vuls/id/681056 http://www.osvdb.org/30736 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •