CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4465
https://notcve.org/view.php?id=CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. WebKit en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1 permite a atacantes remotos evadir Same Origin Policy a través de secuencias del token CSS (Cascading Style Sheets) dentro de un fichero SVG en el atributo SRC de un elemento IMG. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4470
https://notcve.org/view.php?id=CVE-2014-4470
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari aqnterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71462 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4472
https://notcve.org/view.php?id=CVE-2014-4472
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71442 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4468
https://notcve.org/view.php?id=CVE-2014-4468
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71459 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1385
https://notcve.org/view.php?id=CVE-2014-1385
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. WebKit, utilizado en Apple Safari anterior a 6.1.6 y 7.x anterior a 7.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en HT6367. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/60705 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6367 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69223 http://www.securitytracker.com/id/1030731 https://exchange.xforce.ibmcloud.com/vulnerabilities/95268 https://security.gentoo.org/glsa&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •