CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2006-4394
https://notcve.org/view.php?id=CVE-2006-4394
A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. Un error lógico en LoginWindow en Apple Mac OS X 10.4 hasta 10.4.7, permite a cuentas de red sin GUIDs (Identificadores Globales Únicos) evitar los controles de acceso a servicios y acceder al sistema usando loginwindow mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016959 http://www.kb.cert.org/vuls/id/897628 http://www.osvdb.org/29272 http://www.securityfocus.com/bid/20271 http://www.us-cert.gov/cas/techalerts/TA06-275A.html http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29293 •
CVSS: 5.1EPSS: 3%CPEs: 8EXPL: 0CVE-2006-4391
https://notcve.org/view.php?id=CVE-2006-4391
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. Desbordamiento de búfer en Apple ImageIO sobre Apple Mac OS X 10.4 hasta la 10.4.7 permite a un atacante remoto ejecutar código de su elección a través de una imagen JPEG2000 mal formada. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016953 http://www.kb.cert.org/vuls/id/546772 http://www.osvdb.org/29268 http://www.securityfocus.com/bid/20271 http://www.us-cert.gov/cas/techalerts/TA06-275A.html http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29280 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2006-4387
https://notcve.org/view.php?id=CVE-2006-4387
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. Apple Mac OS X 10.4 hasta la 10.4.7, cuando un administrador quita en la caja de selección "Permitir al usuario administrador su ordenador" en System Preferences para un usuario, no mueve la cuenta de usuario desde los grupos appserveradm o appserverusr, lo cual todavia permite al usuario manejar aplicaciones WebObjects. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016955 http://www.osvdb.org/29273 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29296 •
CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0CVE-2006-4390
https://notcve.org/view.php?id=CVE-2006-4390
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. CFNetwork en Apple Mac OS X 10.4 hasta la 10.4.7 y 10.3.9, permite a un sitio SSL remoto aparacer como un sitio verdadero a través del uso de codificación sin validación, lo cual puede provocar que el icono de cerradura en Safari se muestre siempre y cuando la identidad del sitio no pueda ser validada. • http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securitytracker.com/id?1016952 http://www.osvdb.org/29267 http://www.securityfocus.com/bid/20271 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29277 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2006-4392 – Apple Mac OSX 10.4.7 - Mach Exception Handling Local (10.3.x)
https://notcve.org/view.php?id=CVE-2006-4392
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. El núcleo Mach, usado en sistemas operativos que incluyen (1) Mac OS X 10.4 hata 10.4.7 y (2) OpenStep anterior a 4.2, permite a usuarios locales escalar privilegios mediante un proceso padre que fuerza una excepción en un hijo con setuid activado y usa puertos de excepción de Mach para modificar el contexto de hilo y el espacio de dierccionamiento de tarea del hijo de forma que provoca que el hijo llame a una función controlada por el padre. • https://www.exploit-db.com/exploits/2464 https://www.exploit-db.com/exploits/2463 http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://secunia.com/advisories/22187 http://securityreason.com/securityalert/1663 http://securitytracker.com/id?1016954 http://www.kb.cert.org/vuls/id/838404 http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation http://www.osvdb.org/29269 http://www.securityfocus.com/archive/1/4 •