CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 0CVE-2014-4477 – (Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4477
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. WebKit, utilizado en Apple iOS anterior a 8.1.3; Apple Safari anterior a 6.2.3, 7.x anterior a 7.1.3, y 8.x anterior a 8.0.3; y Apple TV anterior a 7.0.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2014-4476 y CVE-2014-4479. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Set objects. The issue lies in the usage of an iterator after clearing the object. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204243 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securityfocus.com/bid/72331 http://www.securitytracker.com/id/1031647 https://su • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4474
https://notcve.org/view.php?id=CVE-2014-4474
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71449 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4465
https://notcve.org/view.php?id=CVE-2014-4465
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. WebKit en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1 permite a atacantes remotos evadir Same Origin Policy a través de secuencias del token CSS (Cascading Style Sheets) dentro de un fichero SVG en el atributo SRC de un elemento IMG. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4470
https://notcve.org/view.php?id=CVE-2014-4470
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari aqnterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71462 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4469
https://notcve.org/view.php?id=CVE-2014-4469
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-12-2-1. • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://support.apple.com/kb/HT6596 http://www.securityfocus.com/bid/71461 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •