CVSS: 6.8EPSS: 1%CPEs: 12EXPL: 0CVE-2014-1313
https://notcve.org/view.php?id=CVE-2014-1313
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-04-01-1. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1297
https://notcve.org/view.php?id=CVE-2014-1297
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, no valida debidamente mensajes IPC de WebProcess, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox y leer archivos arbitrarios mediante el aprovechamiento de acceso a WebProcess. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 12EXPL: 0CVE-2014-1307
https://notcve.org/view.php?id=CVE-2014-1307
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit CVEs listados en APPLE-SA-2014-04-01-1. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 0CVE-2014-1300 – (Pwn2Own\Pwn4Fun) Apple Webkit JSStringJoiner Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1300
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014. Vulnerabilidad no especificada en Apple Safari 7.0.2 en OS X permite a atacantes remotos ejecutar código arbitrario con privilegios root a través de vectores desconocidos, como fue demostrado por Google durante una competición Pwn4Fun en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of string objects. The issue lies in the joining of strings in an array. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://twitter.com/thezdi/statuses/443796547872903168 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one https://support.apple.com/kb/HT6537 •
CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 3CVE-2014-1303 – Apple Safari Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1303
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Apple Safari 7.0.2 permite a atacantes remotos ejecutar código arbitrario y evadir un mecanismo de proyección sandbox a través de vectores no especificados, como fue demostrado por Liang Chen durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS rules. The issue lies in the improper handling of CSSSelector elements. • https://www.exploit-db.com/exploits/44200 https://www.exploit-db.com/exploits/44204 https://github.com/RKX1209/CVE-2014-1303 http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html http://twitter.com/thezdi/statuses/444157530139136000 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •