Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 145 of 157
CVE-2006-0393 | MEDIUM | CVSS 4.0 | v10.4.7 | 2006-08-03
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
nvd
CVE-2006-0392 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
nvd
CVE-2006-3501 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
nvd
CVE-2006-3502 | MEDIUM | CVSS 5.1 | v10.4.7 | 2006-08-03
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
nvd
CVE-2006-3499 | LOW | CVSS 2.1 | v10.3.9 | 2006-08-03
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.
nvd
CVE-2006-3498 | CRITICAL | CVSS 10.0 | v10.3.9, v10.4.7 | 2006-08-02
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
nvd
CVE-2006-3497 | MEDIUM | CVSS 5.1 | v10.3.9, v10.4.7 | 2006-08-02
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
nvd
CVE-2006-1472 | MEDIUM | CVSS 5.0 | v10.3.9 | 2006-08-02
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
nvd
CVE-2006-3496 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.7 | 2006-08-02
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
nvd
CVE-2006-1473 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.7 | 2006-08-02
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
nvd
CVE-2006-3495 | LOW | CVSS 2.1 | v10.3.9, v10.4.7 | 2006-08-02
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
nvd
CVE-2006-3946 | HIGH | CVSS 7.5 | CWE-119 | v10.3.9, v10.4, +7 more | 2006-07-31
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Jav
nvd
CVE-2006-3356 | LOW | CVSS 2.6 | ≤ 10.4.7 | 2006-07-06
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
nvd
CVE-2006-1469 | HIGH | CVSS 7.5 | CWE-119 | v10.4, v10.4.1, +5 more | 2006-06-27
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.
nvd
CVE-2006-1471 | MEDIUM | CVSS 4.6 | CWE-134 | v10.4, v10.4.1, +5 more | 2006-06-27
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.
nvd
CVE-2006-1470 | MEDIUM | CVSS 5.0 | PoC | CWE-399 | v10.4, v10.4.1, +5 more | 2006-06-27
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
nvd
CVE-2006-1468 | MEDIUM | CVSS 5.0 | v10.4, v10.4.1, +5 more | 2006-06-27
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information.
nvd
CVE-2006-1466 | MEDIUM | CVSS 4.0 | v10.4 | 2006-05-24
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.
nvd
CVE-2006-1455 | HIGH | CVSS 7.8 | v10.3.9, v10.4.6 | 2006-05-12
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.
nvd
CVE-2006-1451 | HIGH | CVSS 7.2 | v10.3.9, v10.4.6 | 2006-05-12
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.
nvd