Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 144 of 157
CVE-2006-4395 | MEDIUM | CVSS 5.1 | 10.3.9, 10.4, +7 more | 2006-10-03
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."
Source: nvd

CVE-2006-4387 | MEDIUM | CVSS 4.6 | 10.4, 10.4.1, +6 more | 2006-10-03
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.
Source: nvd

CVE-2006-4391 | MEDIUM | CVSS 5.1 | 10.4, 10.4.1, +6 more | 2006-10-03
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.
Source: nvd

CVE-2006-4397 | MEDIUM | CVSS 4.6 | 10.4, 10.4.1, +6 more | 2006-10-03
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets.
Source: nvd

CVE-2006-4399 | LOW | CVSS 2.1 | 10.4, 10.4.1, +6 more | 2006-10-03
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
Source: nvd

CVE-2006-4390 | LOW | CVSS 2.6 | 10.3.9, 10.4, +7 more | 2006-10-03
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.
Source: nvd

CVE-2006-4393 | LOW | CVSS 3.7 | 10.4, 10.4.1, +6 more | 2006-10-03
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
Source: nvd

CVE-2006-5051 | HIGH | CVSS 8.1 | CWE-415 | fixed in 10.3.9; ≥ 10.4, ≤ 10.4.8 | 2006-09-27
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
Source: nvd

CVE-2006-3507 | HIGH | CVSS 7.2 | PoC | 10.3.9, 10.4.7 | 2006-09-21
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
Source: nvd

CVE-2006-3508 | HIGH | CVSS 7.2 | 10.4.7 | 2006-09-21
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
Source: nvd

CVE-2006-3509 | HIGH | CVSS 7.2 | 10.4.7 | 2006-09-21
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
Source: nvd

CVE-2006-4887 | HIGH | CVSS 7.2 | ≤ 10.2.8 | 2006-09-19
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are insta
Source: nvd

CVE-2006-4866 | MEDIUM | CVSS 4.6 | PoC | 10.0, 10.0.1, +36 more | 2006-09-19
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
Source: nvd

CVE-2006-4095 | HIGH | CVSS 7.5 | CWE-617 | fixed in 10.3.9; ≥ 10.4.0, < 10.4.9 | 2006-09-06
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
Source: nvd

CVE-2006-3506 | MEDIUM | CVSS 4.6 | 10.4.7 | 2006-08-21
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access to execute arbitrary code via unspecified vectors related to "processing a path name."
Source: nvd

CVE-2006-0395 | MEDIUM | CVSS 5.1 | PoC | 10.4.5 | 2006-08-05
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
Source: nvd

CVE-2006-3505 | HIGH | CVSS 7.5 | 10.3.9, 10.4.7 | 2006-08-03
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
Source: nvd

CVE-2006-3500 | HIGH | CVSS 7.2 | 10.4.7 | 2006-08-03
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
Source: nvd

CVE-2006-3503 | MEDIUM | CVSS 5.1 | 10.4.7 | 2006-08-03
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
Source: nvd

CVE-2006-3504 | MEDIUM | CVSS 5.1 | 10.4.7 | 2006-08-03
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
Source: nvd