CVE-2014-8146 – ICU library 52 < 54 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8146
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. La función resolveImplicitLevels en common/ubidi.c en la implementación Unicode Bidirectional Algorithm en ICU4C en International Components for Unicode (ICU) anterior a 55.1 no rastrea correctamente trozos de texto aislados direccionalmente, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente ejecutar código arbitrario a través de texto manipulado. • https://www.exploit-db.com/exploits/43887 http://bugs.icu-project.org/trac/changeset/37162 http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2015/05/05/6 http://seclists.org/fulldisclosure/2015/May/14 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-1122
https://notcve.org/view.php?id=CVE-2015-1122
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id& •
CVE-2015-1124
https://notcve.org/view.php?id=CVE-2015-1124
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •
CVE-2015-1119
https://notcve.org/view.php?id=CVE-2015-1119
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •
CVE-2015-1121
https://notcve.org/view.php?id=CVE-2015-1121
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •