CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4363
https://notcve.org/view.php?id=CVE-2014-4363
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. Safari en Apple iOS anterior a 8 no restringe debidamente el autocompletado de la contraseñas en formularios, lo que permite a atacantes remotos obtener información sensible a través de (1) un sitio web http, (2) un sitio web https con ceritificado X.509 inaceptable, o (3) elemento IFRAME. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://secunia.com/advisories/61306 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69909 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96075 • CWE-255: Credentials Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1385
https://notcve.org/view.php?id=CVE-2014-1385
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. WebKit, utilizado en Apple Safari anterior a 6.1.6 y 7.x anterior a 7.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en HT6367. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/60705 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6367 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69223 http://www.securitytracker.com/id/1030731 https://exchange.xforce.ibmcloud.com/vulnerabilities/95268 https://security.gentoo.org/glsa&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1388
https://notcve.org/view.php?id=CVE-2014-1388
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. WebKit, utilizado en Apple Safari anterior a 6.1.6 y 7.x anterior a 7.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en HT6367. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/60705 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6367 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69223 http://www.securitytracker.com/id/1030731 https://exchange.xforce.ibmcloud.com/vulnerabilities/95271 https://security.gentoo.org/glsa&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1390
https://notcve.org/view.php?id=CVE-2014-1390
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. WebKit, utilizado en Apple Safari anterior a 6.1.6 y 7.x anterior a 7.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en HT6367. • http://secunia.com/advisories/60705 http://support.apple.com/kb/HT6367 http://www.securityfocus.com/bid/69223 http://www.securitytracker.com/id/1030731 https://exchange.xforce.ibmcloud.com/vulnerabilities/95273 https://security.gentoo.org/glsa/201601-02 https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1386
https://notcve.org/view.php?id=CVE-2014-1386
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. WebKit, utilizado en Apple Safari anterior a 6.1.6 y 7.x anterior a 7.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en HT6367. • http://secunia.com/advisories/60705 http://support.apple.com/kb/HT6367 http://www.securityfocus.com/bid/69223 http://www.securitytracker.com/id/1030731 https://exchange.xforce.ibmcloud.com/vulnerabilities/95269 https://security.gentoo.org/glsa/201601-02 https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •