CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4404
https://notcve.org/view.php?id=CVE-2006-4404
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. El instalador de aplicaciones en Apple Mac OS X 10.4.8 y anteriores, al ser usado por un usuario con credenciales de administrador, no verifica el usuario antes de instalar cierto software que requiere privilegios de sistema. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017304 http://www.osvdb.org/30733 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2006-4411
https://notcve.org/view.php?id=CVE-2006-4411
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. El servicio VPN de Apple Mac OS X 10.3.x hasta 10.3.9 y 10.4.x hasta 10.4.8 no limpia adecuadamente el entorno cuando ejecuta comandos, lo cual permite a usuarios locales ganar privilegios mediante vectores no especificados. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017304 http://www.osvdb.org/30727 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 •
CVSS: 4.0EPSS: 4%CPEs: 1EXPL: 0CVE-2006-4403
https://notcve.org/view.php?id=CVE-2006-4403
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. El servidor FTP en Apple Mac OS X 10.4.8 y anteriores, cuando el acceso FTP está habilitado, sufre una caída cuando ocurre un intento de acceso erróneo con un nombre de usuario válido, lo que permite a atacantes remotos provocar una denegación de servicio (caída) y enumerar nombres de usuario válidos. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017303 http://www.kb.cert.org/vuls/id/371648 http://www.osvdb.org/30734 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 https://exchange.xforce.ibmcloud.com/vulnerabilities/30621 •
CVSS: 5.1EPSS: 6%CPEs: 1EXPL: 0CVE-2006-4402
https://notcve.org/view.php?id=CVE-2006-4402
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. Desbordamiento de búfer basados en pila en el Finder del Apple Mac OS X 10.4.8 y versiones anteriores, permite a atacantes con la intervención del usuario ejecutar código de su elección mirando los directorios que contienen ficheros .DS_Store manipulados. • http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/23155 http://securitytracker.com/id?1017304 http://www.kb.cert.org/vuls/id/258744 http://www.osvdb.org/30735 http://www.securityfocus.com/bid/21335 http://www.us-cert.gov/cas/techalerts/TA06-333A.html http://www.vupen.com/english/advisories/2006/4750 https://exchange.xforce.ibmcloud.com/vulnerabilities/30617 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-6126
https://notcve.org/view.php?id=CVE-2006-6126
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. Apple Mac OS X permite a un usuario local provocar denegación de servicio (memoria corrupta) a través del binario manipulado Mach-O con una estructura de datos mal formada load_command. • http://projects.info-pull.com/mokb/MOKB-23-11-2006.html http://www.osvdb.org/30740 http://www.securityfocus.com/bid/21272 http://www.vupen.com/english/advisories/2006/4714 https://exchange.xforce.ibmcloud.com/vulnerabilities/30549 •