CVSS: 8.8EPSS: 1%CPEs: 17EXPL: 0CVE-2014-4477 – (Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4477
27 Jan 2015 — WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479. WebKit, utilizado en Apple iOS anterior a 8.1.3; Apple Safari anterior a 6.2.3, 7.x anterior a 7.1.3, y 8.x anterior a 8.0.3; y Apple TV anterior a 7.0.3, permite a a... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4465
https://notcve.org/view.php?id=CVE-2014-4465
04 Dec 2014 — WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. WebKit en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1 permite a atacantes remotos evadir Same Origin Policy a través de secuencias del token CSS (Cascading Style Sheets) dentro de un fichero SVG en el atributo SRC de un elemento IM... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0CVE-2014-4466
https://notcve.org/view.php?id=CVE-2014-4466
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4468
https://notcve.org/view.php?id=CVE-2014-4468
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4469
https://notcve.org/view.php?id=CVE-2014-4469
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4470
https://notcve.org/view.php?id=CVE-2014-4470
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari aqnterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupció... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4471
https://notcve.org/view.php?id=CVE-2014-4471
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.xanterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción ... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4472
https://notcve.org/view.php?id=CVE-2014-4472
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4473
https://notcve.org/view.php?id=CVE-2014-4473
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4474
https://notcve.org/view.php?id=CVE-2014-4474
04 Dec 2014 — WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, utilizado en Apple Safari anterior a 6.2.1, 7.x anterior a 7.1.1, y 8.x anterior a 8.0.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción... • http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html • CWE-399: Resource Management Errors •