CVSS: 7.5EPSS: 79%CPEs: 4EXPL: 3CVE-2006-1987
https://notcve.org/view.php?id=CVE-2006-1987
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. • http://secunia.com/advisories/19686 http://security-protocols.com/poc/sp-x26-4.html http://www.security-protocols.com/sp-x26-advisory.php http://www.securityfocus.com/bid/17634 http://www.vupen.com/english/advisories/2006/1452 https://exchange.xforce.ibmcloud.com/vulnerabilities/25946 •
CVSS: 5.0EPSS: 3%CPEs: 4EXPL: 2CVE-2006-1988
https://notcve.org/view.php?id=CVE-2006-1988
The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE. • http://secunia.com/advisories/19686 http://security-protocols.com/poc/sp-x26-2.html http://www.osvdb.org/24823 http://www.security-protocols.com/sp-x26-advisory.php http://www.securityfocus.com/bid/17634 http://www.vupen.com/english/advisories/2006/1452 https://exchange.xforce.ibmcloud.com/vulnerabilities/25946 •
CVSS: 5.0EPSS: 5%CPEs: 25EXPL: 0CVE-2006-1552
https://notcve.org/view.php?id=CVE-2006-1552
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". • http://drunkenblog.com/drunkenblog-archives/000760.html http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://www.osvdb.org/25597 http://www.securityfocus.com/bid/17321 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26412 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4678
https://notcve.org/view.php?id=CVE-2005-4678
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/17618 •
CVSS: 7.8EPSS: 11%CPEs: 75EXPL: 3CVE-2005-4504 – Apple Mac OSX - KHTMLParser Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-4504
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. • https://www.exploit-db.com/exploits/26971 http://docs.info.apple.com/article.html?artnum=303382 http://docs.info.apple.com/jarticle.html?artnum=303382-en http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://secunia.com/advisories/18220 http://secunia.com/advisories/19064 http://security-protocols.com/advisory/sp-x22-advisory.txt http://www.kb.cert.org/vuls/id/351217 http://www.securityfocus.com/bid/16045 http://www.securityfocus.com/bid/16907 •