Vulnerabilities > Apple > MAC OS X > 10.4

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-04-21 | CVE-2006-1982 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. | network, low complexity, apple CWE-119, 7.5 |
| 2006-03-31 | CVE-2006-1552 | Numeric Errors vulnerability in Apple products | Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | network, low complexity, apple CWE-189, 5.0 |
| 2006-03-14 | CVE-2006-0400 | Unspecified vulnerability in Apple Mac OS X and Mac OS X Server | CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute JavaScript in other domains via unknown vectors involving "crafted archives." | network, low complexity, apple, 7.5 |
| 2006-03-14 | CVE-2006-0399 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | network, low complexity, apple CWE-94, 7.5 |
| 2006-03-14 | CVE-2006-0398 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | network, low complexity, apple CWE-94, 7.5 |
| 2006-03-14 | CVE-2006-0397 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | network, low complexity, apple CWE-94, 7.5 |
| 2006-03-14 | CVE-2006-0396 | Remote Buffer Overflow vulnerability in Apple Mac OS X Mail Message Attachment | Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment. | network, high complexity, apple, 5.1 |
| 2006-03-14 | CVE-2006-1220 | Local Heap Overflow vulnerability in Apple Mac OS X Kernel MACH_MSG_SEND | Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | local, low complexity, apple, 4.6 |
| 2006-03-06 | CVE-2006-0387 | Multiple vulnerability in Apple Mac OS X Security Update 2006-001 | Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504. | network, low complexity, apple, 6.4 |
| 2006-03-03 | CVE-2006-0391 | Multiple vulnerability in Apple Mac OS X Security Update 2006-001 | Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. | local, low complexity, apple, 1.7 |