Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.4.6
There are 2,095 matching records.
Displaying matches 2,081 through 2,095.
Vuln ID Summary CVSS Severity
CVE-2006-1446

Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1447

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1448

Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-1449

Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1450

Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1451

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-1452

Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-1455

QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-1456

Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1457

Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-2277

Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.

Published: May 09, 2006; 10:14:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1983

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.

Published: April 21, 2006; 6:02:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2006-1985

Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.

Published: April 21, 2006; 6:02:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2005-3782

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.

Published: December 31, 2005; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

Published: May 19, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM