CVSS: 8.8EPSS: 23%CPEs: 10EXPL: 3CVE-2006-3946
https://notcve.org/view.php?id=CVE-2006-3946
31 Jul 2006 — WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. WebCore en Apple Mac OS X 10.3.9 y 10.4 hasta 10.4.7 permite a atacantes remotos provocar una ... • http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 4CVE-2006-3372 – Apple Safari Web Browser 2.0.4 - DHTML SetAttributeNode() Null Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2006-3372
06 Jul 2006 — Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. Apple Safari 2.0.4/419.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante una llamada a la función DHTML setAttributeNode sin argumentos, que desemboca en una referencia nula. • https://www.exploit-db.com/exploits/28165 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3224
https://notcve.org/view.php?id=CVE-2006-3224
26 Jun 2006 — Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself. Apple Safari v2.0.3 (417.9.3) en Mac OS X v10.4.6 permite a atacantes remotos causar una denegación de servicio (consumo CPU) a través de Javascript con un bucle infinito. NOTA: esto podría ser argum... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046150.html •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 2CVE-2006-2019 – Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-2019
25 Apr 2006 — Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. • https://www.exploit-db.com/exploits/1715 •
CVSS: 7.8EPSS: 18%CPEs: 38EXPL: 1CVE-2006-1985 – Apple Mac OSX 10.x - '.zip' 'BOMStackPop()' Overflow
https://notcve.org/view.php?id=CVE-2006-1985
21 Apr 2006 — Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function. • https://www.exploit-db.com/exploits/27715 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 80%CPEs: 4EXPL: 3CVE-2006-1986
https://notcve.org/view.php?id=CVE-2006-1986
21 Apr 2006 — Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. • http://secunia.com/advisories/19686 •
CVSS: 7.5EPSS: 7%CPEs: 4EXPL: 2CVE-2006-1988
https://notcve.org/view.php?id=CVE-2006-1988
21 Apr 2006 — The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE. • http://secunia.com/advisories/19686 •
CVSS: 9.8EPSS: 80%CPEs: 4EXPL: 3CVE-2006-1987
https://notcve.org/view.php?id=CVE-2006-1987
21 Apr 2006 — Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. • http://secunia.com/advisories/19686 •
CVSS: 6.5EPSS: 9%CPEs: 25EXPL: 0CVE-2006-1552
https://notcve.org/view.php?id=CVE-2006-1552
31 Mar 2006 — Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". • http://drunkenblog.com/drunkenblog-archives/000760.html • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4678
https://notcve.org/view.php?id=CVE-2005-4678
31 Dec 2005 — Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/17618 •