CVSS: 9.8EPSS: 67%CPEs: 12EXPL: 3CVE-2006-0396 – Apple Mac OSX 10.4.5 Mail.app - Real Name Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-0396
14 Mar 2006 — Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment. • https://www.exploit-db.com/exploits/1583 •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0397
https://notcve.org/view.php?id=CVE-2006-0397
14 Mar 2006 — Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. • http://docs.info.apple.com/article.html?artnum=303453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0398
https://notcve.org/view.php?id=CVE-2006-0398
14 Mar 2006 — Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. • http://docs.info.apple.com/article.html?artnum=303453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0399
https://notcve.org/view.php?id=CVE-2006-0399
14 Mar 2006 — Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. • http://docs.info.apple.com/article.html?artnum=303453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0400
https://notcve.org/view.php?id=CVE-2006-0400
14 Mar 2006 — CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." • http://docs.info.apple.com/article.html?artnum=303453 •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 1CVE-2006-1220
https://notcve.org/view.php?id=CVE-2006-1220
14 Mar 2006 — Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. • http://www.felinemenace.org/~nemo •
CVSS: 8.8EPSS: 8%CPEs: 32EXPL: 0CVE-2006-0387
https://notcve.org/view.php?id=CVE-2006-0387
06 Mar 2006 — Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504. • http://docs.info.apple.com/article.html?artnum=303382 •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0391
https://notcve.org/view.php?id=CVE-2006-0391
03 Mar 2006 — Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. • http://docs.info.apple.com/article.html?artnum=303382 •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2006-0386
https://notcve.org/view.php?id=CVE-2006-0386
03 Mar 2006 — FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. • http://docs.info.apple.com/article.html?artnum=303382 •
CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 0CVE-2006-0389
https://notcve.org/view.php?id=CVE-2006-0389
03 Mar 2006 — Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. • http://docs.info.apple.com/article.html?artnum=303382 •