CVE-2014-4471
https://notcve.org/view.php?id=CVE-2014-4471
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.xanterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria o caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71438 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVE-2014-4452
https://notcve.org/view.php?id=CVE-2014-4452
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. WebKit, usado en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) a través de un sito web manipulado, una vulnerabilidad diferente a la CVE-2014-4462. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://secunia.com/advisories/62504 http://secunia.com/advisories/62505 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71137 http://www.securitytracker.com/id/1031231 https: • CWE-399: Resource Management Errors •
CVE-2014-4459
https://notcve.org/view.php?id=CVE-2014-4459
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Una vulnerabilidad de uso después de liberación en WebKit, usado en Apple OS X anterior a 10.10.1, permite a atacantes ejecutar código arbitrario a través de objetos de página en un documento HTML. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://secunia.com/advisories/62503 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple. •
CVE-2014-3192 – chromium: use-after-free in DOM, fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3192
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función ProcessingInstruction::setXSLStyleSheet en core/dom/ProcessingInstruction.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://support.apple.com/HT204243 http://support.apple.com/HT204245 http:/& • CWE-416: Use After Free •
CVE-2014-1347
https://notcve.org/view.php?id=CVE-2014-1347
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations. Apple iTunes anterior a 11.2.1 en OS X configura permisos de lectura universal para /Users y /Users/Shared durante reinicios, lo que permite a usuarios locales modificar archivos, y como consecuencia obtener acceso a cuentas de usuarios arbitrarios, a través de operaciones estándar de sistemas de archivos. • http://support.apple.com/kb/HT6251 • CWE-264: Permissions, Privileges, and Access Controls •