Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-108
Vulnerability from certfr_avis - Published: - Updated:None
Description
De multiples vulnérabilités existent dans la version actuelle de Mac 0S X v.10.4.5. Parmi les services impactés, nous notons :
- Mail : Une personne malveillante peut envoyer un courriel particulier avec pièces jointes, afin d'inciter l'utilisateur à ouvrir celles-ci. Cette action peut entraîner un dépassement de tampon permettant l'exécution de code arbitraire sur le système. Le problème n'existe pas pour les versions Mac OS antérieures à 10.4.
- Safari, LaunchServices : Safari ouvre automatiquement des fichiers courants, comme les images ou les vidéos. Une personne malveillante peut alors insérer sur son site un code ayant une telle apparence, afin d'exécuter un code arbitraire à distance. Le problème n'existe pas pour les versions de Mac OS antérieures à 10.4.
- CoreTypes : Une page contenant un code JavaScript malveillant permet d'accéder et modifier des documents d'origine différente (voir la notion sous Mac OS de Same-Origin, une origine étant un triplet constitué par le protocole, le port et le serveur Internet).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X version 10.4.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server version 10.4.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s existent dans la version actuelle de Mac 0S\nX v.10.4.5. Parmi les services impact\u00e9s, nous notons :\n\n- Mail : Une personne malveillante peut envoyer un courriel\n particulier avec pi\u00e8ces jointes, afin d\u0027inciter l\u0027utilisateur \u00e0\n ouvrir celles-ci. Cette action peut entra\u00eener un d\u00e9passement de\n tampon permettant l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me. Le\n probl\u00e8me n\u0027existe pas pour les versions Mac OS ant\u00e9rieures \u00e0 10.4.\n- Safari, LaunchServices : Safari ouvre automatiquement des fichiers\n courants, comme les images ou les vid\u00e9os. Une personne malveillante\n peut alors ins\u00e9rer sur son site un code ayant une telle apparence,\n afin d\u0027ex\u00e9cuter un code arbitraire \u00e0 distance. Le probl\u00e8me n\u0027existe\n pas pour les versions de Mac OS ant\u00e9rieures \u00e0 10.4.\n- CoreTypes : Une page contenant un code JavaScript malveillant permet\n d\u0027acc\u00e9der et modifier des documents d\u0027origine diff\u00e9rente (voir la\n notion sous Mac OS de Same-Origin, une origine \u00e9tant un triplet\n constitu\u00e9 par le protocole, le port et le serveur Internet).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0397"
},
{
"name": "CVE-2006-0398",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0398"
},
{
"name": "CVE-2006-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0399"
},
{
"name": "CVE-2006-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0396"
},
{
"name": "CVE-2006-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0400"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 13 mars 2006 :",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"reference": "CERTA-2006-AVI-108",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Mise \u00e0 jour s\u00e9curit\u00e9 de l\u0027\u00e9diteur Apple",
"url": null
}
]
}
CVE-2006-0400 (GCVE-0-2006-0400)
Vulnerability from cvelistv5 – Published: 2006-03-14 11:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015763"
},
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-sameorigin-policy-bypass(25208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "23873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23873"
},
{
"name": "17082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving \"crafted archives.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015763"
},
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-sameorigin-policy-bypass(25208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "23873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23873"
},
{
"name": "17082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving \"crafted archives.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015763",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015763"
},
{
"name": "ADV-2006-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "19129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-sameorigin-policy-bypass(25208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25208"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303453",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "23873",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23873"
},
{
"name": "17082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0400",
"datePublished": "2006-03-14T11:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0396 (GCVE-0-2006-0396)
Vulnerability from cvelistv5 – Published: 2006-03-14 11:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17081"
},
{
"name": "23872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23872"
},
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015762",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015762"
},
{
"name": "VU#980084",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/980084"
},
{
"name": "macosx-mail-attachment-bo(25209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25209"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19129"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-0313a%5D.txt"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "20060314 DMA[2006-0313a] - \u0027Apple OSX Mail.app RFC1740 Real Name Buffer Overflow\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427601/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17081"
},
{
"name": "23872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23872"
},
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015762",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015762"
},
{
"name": "VU#980084",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/980084"
},
{
"name": "macosx-mail-attachment-bo(25209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25209"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19129"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-0313a%5D.txt"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "20060314 DMA[2006-0313a] - \u0027Apple OSX Mail.app RFC1740 Real Name Buffer Overflow\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427601/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17081"
},
{
"name": "23872",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23872"
},
{
"name": "ADV-2006-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015762",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015762"
},
{
"name": "VU#980084",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/980084"
},
{
"name": "macosx-mail-attachment-bo(25209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25209"
},
{
"name": "19129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19129"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2006-0313a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2006-0313a%5D.txt"
},
{
"name": "APPLE-SA-2006-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303453",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "20060314 DMA[2006-0313a] - \u0027Apple OSX Mail.app RFC1740 Real Name Buffer Overflow\u0027",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427601/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0396",
"datePublished": "2006-03-14T11:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0397 (GCVE-0-2006-0397)
Vulnerability from cvelistv5 – Published: 2006-03-14 11:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23869"
},
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23869"
},
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23869",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23869"
},
{
"name": "ADV-2006-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015760",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303453",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0397",
"datePublished": "2006-03-14T11:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0399 (GCVE-0-2006-0399)
Vulnerability from cvelistv5 – Published: 2006-03-14 11:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "23871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23871"
},
{
"name": "1015760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "23871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23871"
},
{
"name": "1015760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "23871",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23871"
},
{
"name": "1015760",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303453",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0399",
"datePublished": "2006-03-14T11:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0398 (GCVE-0-2006-0398)
Vulnerability from cvelistv5 – Published: 2006-03-14 11:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"name": "23870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0949",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015760",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"name": "23870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "1015760",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015760"
},
{
"name": "19129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-safefiletype-command-execution(25269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25269"
},
{
"name": "23870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23870"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303453",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0398",
"datePublished": "2006-03-14T11:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…