Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2006-04-05 CVE-2006-0401 Local Authentication Bypass vulnerability in Apple Mac OS X Intel-Based
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
local
low complexity
apple
4.6
2006-03-31 CVE-2006-1552 Numeric Errors vulnerability in Apple products
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
network
low complexity
apple CWE-189
5.0
2006-03-19 CVE-2006-1249 Numeric Errors vulnerability in Apple Itunes and Quicktime
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
network
apple CWE-189
6.8
2006-03-14 CVE-2006-0400 Unspecified vulnerability in Apple mac OS X and mac OS X Server
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
network
low complexity
apple
7.5
2006-03-14 CVE-2006-0399 Code Injection vulnerability in Apple mac OS X and mac OS X Server
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type.
network
low complexity
apple CWE-94
7.5
2006-03-14 CVE-2006-0398 Code Injection vulnerability in Apple mac OS X and mac OS X Server
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type.
network
low complexity
apple CWE-94
7.5
2006-03-14 CVE-2006-0397 Code Injection vulnerability in Apple mac OS X and mac OS X Server
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type.
network
low complexity
apple CWE-94
7.5
2006-03-14 CVE-2006-0396 Remote Buffer Overflow vulnerability in Apple Mac OS X Mail Message Attachment
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
network
high complexity
apple
5.1
2006-03-14 CVE-2006-1220 Local Heap Overflow vulnerability in Apple Mac OS X Kernel MACH_MSG_SEND
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
local
low complexity
apple
4.6
2006-03-06 CVE-2006-0387 Multiple vulnerability in Apple Mac OS X Security Update 2006-001
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
network
low complexity
apple
6.4