CVSS: 7.8EPSS: 22%CPEs: 38EXPL: 1CVE-2006-1985 – Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow
https://notcve.org/view.php?id=CVE-2006-1985
21 Apr 2006 — Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function. • https://www.exploit-db.com/exploits/27715 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 3%CPEs: 25EXPL: 0CVE-2006-1552
https://notcve.org/view.php?id=CVE-2006-1552
31 Mar 2006 — Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". • http://drunkenblog.com/drunkenblog-archives/000760.html • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4678
https://notcve.org/view.php?id=CVE-2005-4678
31 Dec 2005 — Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/17618 •
CVSS: 7.8EPSS: 21%CPEs: 75EXPL: 3CVE-2005-4504 – Apple Mac OSX - KHTMLParser Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-4504
22 Dec 2005 — The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. A new update has been released for Mac OS X that addresses vulnerabilities in apache_mod_php, automount, COM, Directory Services, FileVault, IPSec, LibSystem, Mail, perl, rsync, Safari, LaunchServices, and Syndication. • https://www.exploit-db.com/exploits/26971 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3897
https://notcve.org/view.php?id=CVE-2005-3897
29 Nov 2005 — Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. • http://marc.info/?l=bugtraq&m=113278010907401&w=2 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2524
https://notcve.org/view.php?id=CVE-2005-2524
25 Oct 2005 — Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. • http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html •
CVSS: 6.5EPSS: 4%CPEs: 9EXPL: 4CVE-2005-3018 – Apple Safari 1.x/2.0.1 - Data URI Memory Corruption
https://notcve.org/view.php?id=CVE-2005-3018
21 Sep 2005 — Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. • https://www.exploit-db.com/exploits/26271 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 3CVE-2005-2594 – Apple Safari 1.3 Web Browser - JavaScript Invalid Address Denial of Service
https://notcve.org/view.php?id=CVE-2005-2594
17 Aug 2005 — Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. • https://www.exploit-db.com/exploits/26128 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2005-2272
https://notcve.org/view.php?id=CVE-2005-2272
13 Jul 2005 — Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." • http://docs.info.apple.com/article.html?artnum=302847 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2005-1385
https://notcve.org/view.php?id=CVE-2005-1385
02 May 2005 — Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. • http://marc.info/?l=bugtraq&m=111473570624498&w=2 •