CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2006-0401
https://notcve.org/view.php?id=CVE-2006-0401
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. Vulnerabilidad no especificada en Mac OS X anteriores a 10.4.6, cuando se ejecuta en un ordenador basado en Intel, permite a atacantes con acceso físico saltarse la contraseña 'firmware' e iniciar sesión en Modo De Un Usuario mediante vectores no especificados. • http://docs.info.apple.com/article.html?artnum=303567 http://secunia.com/advisories/19462 http://securitytracker.com/id?1015859 http://www.osvdb.org/24399 http://www.securityfocus.com/bid/17364 http://www.vupen.com/english/advisories/2006/1215 https://exchange.xforce.ibmcloud.com/vulnerabilities/25620 •
CVSS: 5.0EPSS: 5%CPEs: 25EXPL: 0CVE-2006-1552
https://notcve.org/view.php?id=CVE-2006-1552
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". • http://drunkenblog.com/drunkenblog-archives/000760.html http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/20077 http://www.osvdb.org/25597 http://www.securityfocus.com/bid/17321 http://www.securityfocus.com/bid/17951 http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.vupen.com/english/advisories/2006/1779 https://exchange.xforce.ibmcloud.com/vulnerabilities/26412 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2006-0397
https://notcve.org/view.php?id=CVE-2006-0397
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. • http://docs.info.apple.com/article.html?artnum=303453 http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html http://secunia.com/advisories/19129 http://securitytracker.com/id?1015760 http://www.osvdb.org/23869 http://www.vupen.com/english/advisories/2006/0949 https://exchange.xforce.ibmcloud.com/vulnerabilities/25269 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0400
https://notcve.org/view.php?id=CVE-2006-0400
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." • http://docs.info.apple.com/article.html?artnum=303453 http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html http://secunia.com/advisories/19129 http://securitytracker.com/id?1015763 http://www.osvdb.org/23873 http://www.securityfocus.com/bid/17082 http://www.vupen.com/english/advisories/2006/0949 https://exchange.xforce.ibmcloud.com/vulnerabilities/25208 •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2006-0399
https://notcve.org/view.php?id=CVE-2006-0399
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. • http://docs.info.apple.com/article.html?artnum=303453 http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html http://secunia.com/advisories/19129 http://securitytracker.com/id?1015760 http://www.osvdb.org/23871 http://www.vupen.com/english/advisories/2006/0949 https://exchange.xforce.ibmcloud.com/vulnerabilities/25269 • CWE-94: Improper Control of Generation of Code ('Code Injection') •