| Apple Product/Version | CVE # | Date Reported/Disclosed (D) | Date Patch Issued | Days to Patch | Vulnerable System/Software Component | |
|---|---|---|---|---|---|---|
| QuickTime 7.0.4 | CVE-2005-2340 | 12/12/2005 | 1/10/2006 | 29 | Heap-based buffer overflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-3707 | 11/28/2005 | 1/10/2006 | 43 | Buffer overflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-3708 | 11/28/2005 | 1/10/2006 | 43 | Integer overflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-3709 | 11/28/2005 | 1/10/2006 | 43 | Integer underflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-3710 | 11/28/2005 | 1/10/2006 | 43 | Integer overflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-3711 | 11/28/2005 | 1/10/2006 | 43 | Integer overflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-3713 | 10/31/2005 | 1/10/2006 | 71 | Heap-based buffer overflow in Apple QuickTime before 7.0.4 | |
| QuickTime 7.0.4 | CVE-2005-4092 | 11/17/2005 | 1/10/2006 | 54 | Multiple heap-based buffer overflows QuickTime Player 7.0.3 & iTunes 6.0.1 (3) | 8 |
| Security Update 2006-001 | CVE-2006-0384 | 2/19/2006(D) | 3/1/2006 | 10 | automount in Mac OS X 10.4.5 | |
| Security Update 2006-001 | CVE-2005-3706 | Withheld by researcher | 3/1/2006 | | Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 | |
| Security Update 2006-001 | CVE-2006-0395 | Internal/Not Credited | 3/1/2006 | | Download Validation in Mail in Mac OS X 10.4 | |
| Security Update 2006-001 | CVE-2005-4504 | Internal/Not Credited | 3/1/2006 | | KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari | |
| Security Update 2006-001 | CVE-2006-0387 | Internal/Not Credited | 3/1/2006 | | Stack-based buffer overflow in Safari | |
| Security Update 2006-001 | CVE-2006-0388 | Internal/Not Credited | 3/1/2006 | | Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 | |
| Security Update 2006-001 | CVE-2006-0848 | 2/22/2006(D) | 3/1/2006 | 9 | "Open 'safe' files after downloading" option in Safari on Apple Mac OS X | |
| Security Update 2006-001 | CVE-2006-0389 | Internal/Not Credited | 3/1/2006 | | Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) | |
| Security Update 2006-001 | N/A | 2/13/2006(D) | 3/1/2006 | 16 | Patch to fix iChat weakness exploited by OS X/Leap Worm | |
| Security Update 2006-002 | CVE-2006-0396 | 3/4/2006 | 3/13/2006 | 9 | Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5 | |
| Security Update 2006-002 | CVE-2006-0397 | 3/2/2006 | 3/13/2006 | 11 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 | |
| Security Update 2006-002 | CVE-2006-0398 | 3/2/2006 | 3/13/2006 | 11 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 | |
| Security Update 2006-002 | CVE-2006-0399 | 3/2/2006 | 3/13/2006 | 11 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 | |
| QuickTime 7.1 | CVE-2006-1458 | Internal/Not Credited | 5/11/2006 | | Integer overflow in Apple QuickTime Player before 7.1 | |
| QuickTime 7.1 | CVE-2006-1459 | 2/11/2006 | 5/11/2006 | 89 | Multiple integer overflows in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1460 | 2/11/2006 | 5/11/2006 | 89 | Multiple buffer overflows in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1461 | 2/11/2006 | 5/11/2006 | 89 | Multiple buffer overflows in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1462 | 2/11/2006 | 5/11/2006 | 89 | Multiple integer overflows in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1463 | 2/11/2006 | 5/11/2006 | 89 | Heap-based buffer overflow in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1464 | 2/11/2006 | 5/11/2006 | 89 | Buffer overflow in Apple QuickTime before 7.1 allows | |
| QuickTime 7.1 | CVE-2006-1249 | 3/7/2006 | 5/11/2006 | 65 | Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 | |
| QuickTime 7.1 | CVE-2006-1465 | 2/11/2006 | 5/11/2006 | 90 | Buffer overflow in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1453 | 2/11/2006 | 5/11/2006 | 90 | Stack-based buffer overflow in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-1454 | 2/11/2006 | 5/11/2006 | 90 | Heap-based buffer overflow in Apple QuickTime before 7.1 | |
| QuickTime 7.1 | CVE-2006-2238 | Internal/Not Credited | 5/11/2006 | | Heap-based buffer overflow in Apple QuickTime before 7.1 | |
| Security Update 2006-003 | CVE-2006-1982 | 4/3/2006(D) | 5/11/2006 | 37 | Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, | |
| Security Update 2006-003 | CVE-2006-1983 | 4/19/2006(D) | 5/11/2006 | 22 | Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier | 20 |
| Security Update 2006-003 | CVE-2006-1984 | 4/19/2006(D) | 5/11/2006 | 22 | Unspecified vulnerability in the _cg_TIFFSetField function | |
| Security Update 2006-003 | CVE-2006-1985 | 4/19/2006(D) | 5/11/2006 | 22 | Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 | |
| Security Update 2006-003 | CVE-2006-1440 | Internal/Not Credited | 5/11/2006 | | BOM in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1441 | Internal/Not Credited | 5/11/2006 | | Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1614 | 4/6/2006(D) | 5/11/2006 | 34 | Clam AntiVirus | |
| Security Update 2006-003 | CVE-2006-1615 | 4/4/2006 | 5/11/2006 | 36 | Clam AntiVirus | |
| Security Update 2006-003 | CVE-2006-1630 | 4/4/2006 | 5/11/2006 | 36 | Clam AntiVirus | |
| Security Update 2006-003 | CVE-2006-1442 | Internal/Not Credited | 5/11/2006 | | CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1443 | Internal/Not Credited | 5/11/2006 | | Integer underflow in CoreFoundation | |
| Security Update 2006-003 | CVE-2006-1448 | Internal/Not Credited | 5/11/2006 | | Finder in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1445 | Internal/Not Credited | 5/11/2006 | | Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1552 | 3/28/2006(D) | 5/11/2006 | 43 | Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 | |
| Security Update 2006-003 | CVE-2006-1447 | Internal/Not Credited | 5/11/2006 | | LaunchServices in Apple Mac OS X 10.4.6 allo | |
| Security Update 2006-003 | CVE-2005-4077 | 12/7/2005 | 5/11/2006 | 155 | Multiple off-by-one errors in the cURL library | |
| Security Update 2006-003 | CVE-2006-1449 | Internal/Not Credited | 5/11/2006 | | Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1450 | Internal/Not Credited | 5/11/2006 | | Mail in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1452 | Internal/Not Credited | 5/11/2006 | | Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1456 | 3/13/2006 | 5/11/2006 | 59 | Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 | |
| Security Update 2006-003 | CVE-2006-1457 | Internal/Not Credited | 5/11/2006 | | Safari on Apple Mac OS X 10.4.6, when "Open 'safe' files after downloading" | |
| Mac OS X 10.4.7 Update | CVE-2006-1989 | 4/29/2006 | 6/27/2006 | 59 | Freshclam in ClamAV | |
| Mac OS X 10.4.7 Update | CVE-2006-1469 | Internal/Not Credited | 6/27/2006 | | Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 | |
| iTunes 6.0.5 | CVE-2006-1467 | 4/7/2006 | 6/29/2006 | 83 | Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 | 23 |
| Security Update 2006-004 | CVE-2006-1473 | 7/17/2006 | 8/1/2006 | 15 | Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3459 | 7/17/2006 | 8/1/2006 | 15 | Multiple stack-based buffer overflows in the TIFF library | |
| Security Update 2006-004 | CVE-2006-3461 | 7/17/2006 | 8/1/2006 | 15 | Heap-based buffer overflow in the PixarLog decoder in the TIFF library | |
| Security Update 2006-004 | CVE-2006-3462 | 7/17/2006 | 8/1/2006 | 15 | Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library | |
| Security Update 2006-004 | CVE-2006-3465 | 7/17/2006 | 8/1/2006 | 15 | Unspecified vulnerability in the custom tag support for the TIFF library | |
| Security Update 2006-004 | CVE-2006-3497 | 2/21/2006 | 8/1/2006 | 161 | Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3498 | Internal/Not Credited | 8/1/2006 | | Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 | |
| Security Update 2006-004 | CVE-2005-2335 | 7/21/2005 | 8/1/2006 | 376 | Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 | |
| Security Update 2006-004 | CVE-2005-3088 | 10/21/2005 | 8/1/2006 | 284 | fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 | |
| Security Update 2006-004 | CVE-2005-4348 | 12/19/2005 | 8/1/2006 | 225 | fetchmail before 6.3.1 and before 6.2.5.5 | |
| Security Update 2006-004 | CVE-2006-0321 | 1/22/2006 | 8/1/2006 | 191 | fetchmail 6.3.0 and other versions before 6.3.2 | |
| Security Update 2006-004 | CVE-2006-0392 | Internal/Not Credited | 8/1/2006 | | Buffer overflow in Apple Mac OS X 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3501 | Internal/Not Credited | 8/1/2006 | | Integer overflow in ImageIO for Apple Mac OS X 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3502 | Internal/Not Credited | 8/1/2006 | | Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3503 | 5/9/2006 | 8/1/2006 | 84 | Integer overflow in ImageIO in Apple Mac OS X 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3504 | Internal/Not Credited | 8/1/2006 | | The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 | |
| Security Update 2006-004 | CVE-2006-3505 | 3/27/2006 | 8/1/2006 | 127 | WebKit in Apple Mac OS X 10.3.9 and 10.4.7 | |
| Xsan Filesystem 1.4 | CVE-2006-3506 | Withheld by researcher | 8/17/2006 | | Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 | |
| QuickTime 7.1.3 | CVE-2006-4381 | 5/6/2006 | 9/12/2006 | 129 | Integer overflow in Apple QuickTime before 7.1.3 | |
| QuickTime 7.1.3 | CVE-2006-4386 | 6/12/2006 | 9/12/2006 | 92 | Integer overflow in Apple QuickTime before 7.1.3 | |
| QuickTime 7.1.3 | CVE-2006-4382 | 6/12/2006 | 9/12/2006 | 92 | Multiple buffer overflows in Apple QuickTime before 7.1.3 | |
| QuickTime 7.1.3 | CVE-2006-4384 | 8/16/2006 | 9/12/2006 | 27 | Heap-based buffer overflow in Apple QuickTime before 7.1.3 | |
| QuickTime 7.1.3 | CVE-2006-4388 | 6/12/2006 | 9/12/2006 | 92 | Integer overflow in Apple QuickTime before 7.1.3 | |
| QuickTime 7.1.3 | CVE-2006-4389 | 6/12/2006 | 9/12/2006 | 92 | Apple QuickTime before 7.1.3 | |
| QuickTime 7.1.3 | CVE-2006-4385 | 6/12/2006 | 9/12/2006 | 92 | Buffer overflow in Apple QuickTime before 7.1.3 | |
| AirPort Update 2006-001 | CVE-2006-3507 | Internal/Not Credited | 9/21/2006 | | Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 | |
| AirPort Update 2006-001 | CVE-2006-3508 | Internal/Not Credited | 9/21/2006 | | Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 | |
| AirPort Update 2006-001 | CVE-2006-3509 | Internal/Not Credited | 9/21/2006 | | Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 | |
| Mac OS X 10.4.8 Update | CVE-2006-4391 | 8/1/2006 | 9/29/2006 | 59 | Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 | |
| Mac OS X 10.4.8 Update | CVE-2006-4395 | Internal/Not Credited | 9/29/2006 | | Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 | 30 |
| Mac OS X 10.4.8 Update | CVE-2006-3946 | 5/9/2006(D) | 9/29/2006 | 143 | WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 | |
| Xcode Tools 2.4.1 | CVE-2006-4146 | 8/28/2006 | 10/31/2006 | 64 | Buffer overflow in the (1) DWARF | |
| Security Update 2006-007 | CVE-2006-5710 | 11/11/2006(D) | 11/28/2006 | 17 | The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, | |
| Security Update 2006-007 | CVE-2006-4400 | Internal/Not Credited | 11/28/2006 | | Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 | |
| Security Update 2006-007 | CVE-2006-4402 | Internal/Not Credited | 11/28/2006 | | Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 | |
| Security Update 2006-007 | CVE-2006-4334 | 8/29/2006 | 11/28/2006 | 91 | Unspecified vulnerability in gzip 1.3.5 | |
| Security Update 2006-007 | CVE-2006-4335 | 8/29/2006 | 11/28/2006 | 91 | Array index error in the make_table function | |
| Security Update 2006-007 | CVE-2006-4336 | 8/29/2006 | 11/28/2006 | 91 | Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 | |
| Security Update 2006-007 | CVE-2006-4337 | 8/29/2006 | 11/28/2006 | 91 | Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 | |
| Security Update 2006-007 | CVE-2006-4338 | 8/29/2006 | 11/28/2006 | 91 | unlzh.c in the LHZ component in gzip 1.3.5 | |
| Security Update 2006-007 | CVE-2006-4404 | Internal/Not Credited | 11/28/2006 | | Installer application in Apple Mac OS X 10.4.8 and earlier, | |
| Security Update 2006-007 | CVE-2005-3962 | 12/1/2005 | 11/28/2006 | 362 | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl) | |
| Security Update 2006-007 | CVE-2006-1490 | 3/28/2006 | 11/28/2006 | 245 | PHP before 5.1.3-RC1 | |
| Security Update 2006-007 | CVE-2006-1990 | 4/24/2006(D) | 11/28/2006 | 218 | PHP before 5.1.3-RC1 | |
| Security Update 2006-007 | CVE-2006-5465 | 11/2/2006 | 11/28/2006 | 26 | Buffer overflow in PHP before 5.2.0 | |
| Security Update 2006-007 | CVE-2006-4406 | 9/14/2006 | 11/28/2006 | 75 | Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 | |
| Security Update 2006-007 | CVE-2006-4412 | 9/5/2006 | 11/28/2006 | 84 | WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 | |
| Average Time to Patch: | 82 days | |||||