CVSS: 7.5EPSS: 19%CPEs: 4EXPL: 3CVE-2007-0342 – Apple WebKit build 18794 - WebCore Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0342
18 Jan 2007 — WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. WebCore en Apple WebKit construcción 18974 permite a un atacante remoto provocar denegación de servicio de un servicio (referencia null y caida de aplicación) a través del elemento TD con un gran número en el ... • https://www.exploit-db.com/exploits/29461 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2006-6238
https://notcve.org/view.php?id=CVE-2006-6238
03 Dec 2006 — The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. La caraterística AutoFill de Apple Safari 2.0.4 no verifica de forma adecuada que todos los campos poblados del formulario sean visibles al usuario, lo cual permite a un atacante remoto obtener información sensible, co... • http://secunia.com/advisories/23066 •
CVSS: 8.8EPSS: 23%CPEs: 10EXPL: 3CVE-2006-3946
https://notcve.org/view.php?id=CVE-2006-3946
31 Jul 2006 — WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. WebCore en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.7 permite a atacantes remotos provocar una ... • http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 4CVE-2006-3372 – Apple Safari Web Browser 2.0.4 - DHTML SetAttributeNode() Null Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2006-3372
06 Jul 2006 — Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. Apple Safari 2.0.4/419.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante una llamada a la función DHTML setAttributeNode sin argumentos, que desemboca en una referencia nula. • https://www.exploit-db.com/exploits/28165 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3224
https://notcve.org/view.php?id=CVE-2006-3224
26 Jun 2006 — Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself. Apple Safari v2.0.3 (417.9.3) en Mac OS X v10.4.6 permite a atacantes remotos causar una denegación de servicio (consumo CPU) a través de Javascript con un bucle infinito. NOTA: esto podría ser argum... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046150.html •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 2CVE-2006-2019 – Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-2019
25 Apr 2006 — Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. • https://www.exploit-db.com/exploits/1715 •
CVSS: 7.8EPSS: 18%CPEs: 38EXPL: 1CVE-2006-1985 – Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow
https://notcve.org/view.php?id=CVE-2006-1985
21 Apr 2006 — Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function. • https://www.exploit-db.com/exploits/27715 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 80%CPEs: 4EXPL: 3CVE-2006-1986
https://notcve.org/view.php?id=CVE-2006-1986
21 Apr 2006 — Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. • http://secunia.com/advisories/19686 •
CVSS: 7.5EPSS: 7%CPEs: 4EXPL: 2CVE-2006-1988
https://notcve.org/view.php?id=CVE-2006-1988
21 Apr 2006 — The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE. • http://secunia.com/advisories/19686 •
CVSS: 9.8EPSS: 80%CPEs: 4EXPL: 3CVE-2006-1987
https://notcve.org/view.php?id=CVE-2006-1987
21 Apr 2006 — Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. • http://secunia.com/advisories/19686 •