Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-1333 (GCVE-0-2014-1333)
Vulnerability from cvelistv5
Published
2014-05-22 19:00
Modified
2024-08-06 09:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-1333",
"datePublished": "2014-05-22T19:00:00",
"dateReserved": "2014-01-08T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-1333\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2014-05-22T19:55:07.327\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.\"},{\"lang\":\"es\",\"value\":\"WebKit, utilizado en Apple Safari anterior a 6.1.4 y 7.x anterior a 7.0.4, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-05-21-1.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1.3\",\"matchCriteriaId\":\"DC328FF9-3049-4E2C-9A79-D6038953B101\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA4B009-6BF2-4174-A05C-77B75C45377C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136A760D-2873-4216-AB60-E3D93DE82BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"076B9C00-EFB0-4284-A617-FAEE341F80FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8851ED07-715F-4F6A-AE29-FA95D069F972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65EBA204-5E12-429A-9414-400CBAA0BA89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A600193-92E3-4A31-824D-94BC87E513B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74543772-8C0C-4055-BC1E-D7EAA8A55B51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77462FFC-4F46-4DE4-BE90-78457B7B4FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"391B4255-4434-4EB3-929B-3E593D9CD249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B87D10-55B3-42E7-8FF6-93EDF003337D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT6254\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/67553\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/kb/HT6537\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT6254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/67553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT6537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
ghsa-3gvm-4fr4-4hf7
Vulnerability from github
Published
2022-05-17 03:22
Modified
2022-05-17 03:22
VLAI Severity ?
Details
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
{
"affected": [],
"aliases": [
"CVE-2014-1333"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-05-22T19:55:00Z",
"severity": "MODERATE"
},
"details": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.",
"id": "GHSA-3gvm-4fr4-4hf7",
"modified": "2022-05-17T03:22:59Z",
"published": "2022-05-17T03:22:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1333"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT6537"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT6254"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/67553"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2014-1333
Vulnerability from fkie_nvd
Published
2014-05-22 19:55
Modified
2025-04-12 10:46
Severity ?
Summary
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html | ||
| product-security@apple.com | http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html | ||
| product-security@apple.com | http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html | ||
| product-security@apple.com | http://support.apple.com/kb/HT6254 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/67553 | ||
| product-security@apple.com | https://support.apple.com/kb/HT6537 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT6254 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67553 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT6537 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC328FF9-3049-4E2C-9A79-D6038953B101",
"versionEndIncluding": "6.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA4B009-6BF2-4174-A05C-77B75C45377C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "136A760D-2873-4216-AB60-E3D93DE82BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "076B9C00-EFB0-4284-A617-FAEE341F80FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8851ED07-715F-4F6A-AE29-FA95D069F972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65EBA204-5E12-429A-9414-400CBAA0BA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A600193-92E3-4A31-824D-94BC87E513B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74543772-8C0C-4055-BC1E-D7EAA8A55B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77462FFC-4F46-4DE4-BE90-78457B7B4FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
},
{
"lang": "es",
"value": "WebKit, utilizado en Apple Safari anterior a 6.1.4 y 7.x anterior a 7.0.4, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-05-21-1."
}
],
"id": "CVE-2014-1333",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-22T19:55:07.327",
"references": [
{
"source": "product-security@apple.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"source": "product-security@apple.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"source": "product-security@apple.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6254"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/kb/HT6537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT6537"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2014-AVI-293
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple OS X Mavericks v10.9.4 et versions antérieures | ||
| Apple | Safari | Apple Safari 7.0.5 et versions antérieures | ||
| Apple | N/A | Apple TV 6.1.2 et versions antérieures | ||
| Apple | N/A | Apple OS X Mountain Lion v10.8.5 et versions antérieures | ||
| Apple | N/A | Apple OS X Lion v10.7.5 et versions antérieures | ||
| Apple | Safari | Apple Safari 6.1.5 et versions antérieures | ||
| Apple | N/A | Apple iOS 7.1.2 et versions antérieures | ||
| Apple | N/A | Apple OS X Lion Server v10.7.5 et versions antérieures |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple OS X Mavericks v10.9.4 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari 7.0.5 et versions ant\u00e9rieures",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV 6.1.2 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Mountain Lion v10.8.5 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Lion v10.7.5 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari 6.1.5 et versions ant\u00e9rieures",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS 7.1.2 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X Lion Server v10.7.5 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-1341",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1341"
},
{
"name": "CVE-2014-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1333"
},
{
"name": "CVE-2014-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1348"
},
{
"name": "CVE-2013-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2875"
},
{
"name": "CVE-2014-1330",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1330"
},
{
"name": "CVE-2014-1368",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1368"
},
{
"name": "CVE-2014-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1349"
},
{
"name": "CVE-2014-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1353"
},
{
"name": "CVE-2014-1375",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1375"
},
{
"name": "CVE-2014-1334",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1334"
},
{
"name": "CVE-2014-1361",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1361"
},
{
"name": "CVE-2014-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1365"
},
{
"name": "CVE-2014-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1338"
},
{
"name": "CVE-2014-1367",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1367"
},
{
"name": "CVE-2014-1329",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1329"
},
{
"name": "CVE-2014-1359",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1359"
},
{
"name": "CVE-2014-1364",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1364"
},
{
"name": "CVE-2013-2927",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2927"
},
{
"name": "CVE-2014-1363",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1363"
},
{
"name": "CVE-2014-1372",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1372"
},
{
"name": "CVE-2014-1360",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1360"
},
{
"name": "CVE-2014-1731",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1731"
},
{
"name": "CVE-2014-1346",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1346"
},
{
"name": "CVE-2014-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1354"
},
{
"name": "CVE-2014-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1358"
},
{
"name": "CVE-2014-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1371"
},
{
"name": "CVE-2014-1325",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1325"
},
{
"name": "CVE-2014-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1351"
},
{
"name": "CVE-2014-1356",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1356"
},
{
"name": "CVE-2014-1362",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1362"
},
{
"name": "CVE-2014-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1370"
},
{
"name": "CVE-2014-1383",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1383"
},
{
"name": "CVE-2014-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1339"
},
{
"name": "CVE-2014-1337",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1337"
},
{
"name": "CVE-2014-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1352"
},
{
"name": "CVE-2014-1380",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1380"
},
{
"name": "CVE-2014-1366",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1366"
},
{
"name": "CVE-2014-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1377"
},
{
"name": "CVE-2014-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1379"
},
{
"name": "CVE-2014-1323",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1323"
},
{
"name": "CVE-2014-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1343"
},
{
"name": "CVE-2014-1327",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1327"
},
{
"name": "CVE-2014-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1350"
},
{
"name": "CVE-2014-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1376"
},
{
"name": "CVE-2014-1373",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1373"
},
{
"name": "CVE-2014-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1355"
},
{
"name": "CVE-2014-1342",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1342"
},
{
"name": "CVE-2014-1326",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1326"
},
{
"name": "CVE-2014-1381",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1381"
},
{
"name": "CVE-2014-1357",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1357"
},
{
"name": "CVE-2014-1340",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1340"
},
{
"name": "CVE-2014-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1378"
},
{
"name": "CVE-2014-1317",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1317"
},
{
"name": "CVE-2014-1345",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1345"
},
{
"name": "CVE-2014-1336",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1336"
},
{
"name": "CVE-2014-1369",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1369"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2014-1331",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1331"
},
{
"name": "CVE-2014-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1335"
},
{
"name": "CVE-2014-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1382"
}
],
"initial_release_date": "2014-07-01T00:00:00",
"last_revision_date": "2014-07-01T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-293",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6297 du 30 juin 2014",
"url": "http://support.apple.com/kb/HT6297"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6298 du 30 juin 2014",
"url": "http://support.apple.com/kb/HT6298"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6296 du 30 juin 2014",
"url": "http://support.apple.com/kb/HT6296"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6293 du 30 juin 2014",
"url": "http://support.apple.com/kb/HT6293"
}
]
}
CERTFR-2014-AVI-237
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Apple Safari. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 6.1.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-1341",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1341"
},
{
"name": "CVE-2014-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1333"
},
{
"name": "CVE-2013-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2875"
},
{
"name": "CVE-2014-1330",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1330"
},
{
"name": "CVE-2014-1334",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1334"
},
{
"name": "CVE-2014-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1338"
},
{
"name": "CVE-2014-1329",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1329"
},
{
"name": "CVE-2013-2927",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2927"
},
{
"name": "CVE-2014-1731",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1731"
},
{
"name": "CVE-2014-1346",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1346"
},
{
"name": "CVE-2014-1344",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1344"
},
{
"name": "CVE-2014-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1339"
},
{
"name": "CVE-2014-1337",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1337"
},
{
"name": "CVE-2014-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1324"
},
{
"name": "CVE-2014-1323",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1323"
},
{
"name": "CVE-2014-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1343"
},
{
"name": "CVE-2014-1327",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1327"
},
{
"name": "CVE-2014-1342",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1342"
},
{
"name": "CVE-2014-1326",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1326"
},
{
"name": "CVE-2014-1336",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1336"
},
{
"name": "CVE-2014-1331",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1331"
},
{
"name": "CVE-2014-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1335"
}
],
"initial_release_date": "2014-05-22T00:00:00",
"last_revision_date": "2014-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-237",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Safari\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT6254 du 21 mai 2014",
"url": "http://support.apple.com/kb/HT6254"
}
]
}
gsd-2014-1333
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-1333",
"description": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.",
"id": "GSD-2014-1333",
"references": [
"https://www.suse.com/security/cve/CVE-2014-1333.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-1333"
],
"details": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.",
"id": "GSD-2014-1333",
"modified": "2023-12-13T01:22:51.726164Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:6.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1333"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"tags": [],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"tags": [],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"tags": [],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/kb/HT6537"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2016-12-08T03:04Z",
"publishedDate": "2014-05-22T19:55Z"
}
}
}
var-201405-0228
Vulnerability from variot
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-06-30-3 iOS 7.1.2
iOS 7.1.2 is now available and addresses the following:
Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012.
CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero
launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero
launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero
launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero
Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360
Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec
Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353
Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan
Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350
Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project
Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "7.1.2".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----
. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001
Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390.
Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+.
CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz.
CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics.
CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative.
CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative.
CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer.
CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative.
CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero.
CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer.
CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty.
CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer.
CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG.
CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.
CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook.
CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero.
CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team.
CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
For the 2.4 series, these problems have been fixed in release 2.4.8.
Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html
The WebKitGTK+ team, January 26, 2015
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(windows)"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple tv first 2 after generation )"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x mavericks v10.9.3)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ipad 2 or later )"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mountain lion v10.8.5)"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x lion v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x mountain lion v10.8.5)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ipod touch first 5 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.3)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x lion server v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x lion server v10.7.5)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(iphone 4 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x lion v10.7.5)"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "1.2.5"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "1.2.3"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "1.2.2"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "2"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "1.2.2-1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
}
],
"sources": [
{
"db": "BID",
"id": "67553"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "banty, Google Chrome Security Team, Apple, cloudfuzzer, Atte Kettunen of OUSPG, and Ian Beer of Google Project Zero",
"sources": [
{
"db": "BID",
"id": "67553"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1333",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-69272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1333",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1333",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-440",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. \nAn attacker may exploit these issues by enticing victims into viewing a malicious webpage. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-06-30-3 iOS 7.1.2\n\niOS 7.1.2 is now available and addresses the following:\n\nCertificate Trust Policy\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at\nhttp://support.apple.com/kb/HT5012. \n\nCoreGraphics\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted XBM file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An unbounded stack allocation issue existed in the\nhandling of XBM files. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1354 : Dima Kovalenko of codedigging.com\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application could cause the device to unexpectedly\nrestart\nDescription: A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through additional\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-1355 : cunzhang from Adlab of Venustech\n\nlaunchd\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in launchd\u0027s handling of\nIPC messages. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1356 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in launchd\u0027s handling of\nlog messages. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1357 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in launchd. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1358 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer underflow existed in launchd. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1359 : Ian Beer of Google Project Zero\n\nLockdown\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker possessing an iOS device could potentially\nbypass Activation Lock\nDescription: Devices were performing incomplete checks during device\nactivation, which made it possible for malicious individuals to\npartially bypass Activation Lock. This issue was addressed through\nadditional client-side verification of data received from activation\nservers. \nCVE-ID\nCVE-2014-1360\n\nLock Screen\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in possession of a device may exceed the maximum\nnumber of failed passcode attempts\nDescription: In some circumstances, the failed passcode attempt\nlimit was not enforced. This issue was addressed through additional\nenforcement of this limit. \nCVE-ID\nCVE-2014-1352 : mblsec\n\nLock Screen\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a locked device may be able\nto access the application that was in the foreground prior to locking\nDescription: A state management issue existed in the handling of the\ntelephony state while in Airplane Mode. This issue was addressed\nthrough improved state management while in Airplane Mode. \nCVE-ID\nCVE-2014-1353\n\nMail\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Mail attachments can be extracted from an iPhone 4\nDescription: Data protection was not enabled for mail attachments,\nallowing them to be read by an attacker with physical access to the\ndevice. This issue was addressed by changing the encryption class of\nmail attachments. \nCVE-ID\nCVE-2014-1348 : Andreas Kurtz of NESO Security Labs\n\nSafari\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A use after free issue existed in Safari\u0027s handling of\ninvalid URLs. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan\n\nSettings\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\ndisable Find My iPhone without entering an iCloud password\nDescription: A state management issue existed in the handling of the\nFind My iPhone state. This issue was addressed through improved\nhandling of Find My iPhone state. \nCVE-ID\nCVE-2014-1350\n\nSecure Transport\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Two bytes of uninitialized memory could be disclosed to a\nremote attacker\nDescription: An uninitialized memory access issue existed in the\nhandling of DTLS messages in a TLS connection. This issue was\naddressed by only accepting DTLS messages in a DTLS connection. \nCVE-ID\nCVE-2014-1361 : Thijs Alkemade of The Adium Project\n\nSiri\nAvailable for: iPhone 4S and later,\niPod touch (5th generation) and later,\niPad (3rd generation) and later\nImpact: A person with physical access to the phone may be able to\nview all contacts\nDescription: If a Siri request might refer to one of several\ncontacts, Siri displays a list of possible choices and the option\n\u0027More...\u0027 for a complete contact list. When used at the lock screen,\nSiri did not require the passcode before viewing the complete contact\nlist. This issue was addressed by requiring the passcode. \nCVE-ID\nCVE-2014-1351 : Sherif Hashim\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. A maliciously crafted URL could have led to\nsending an incorrect postMessage origin. This issue was addressed\nthrough improved encoding/decoding. \nCVE-ID\nCVE-2014-1346 : Erling Ellingsen of Facebook\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted website may be able to spoof its\ndomain name in the address bar\nDescription: A spoofing issue existed in the handling of URLs. This\nissue was addressed through improved encoding of URLs. \nCVE-ID\nCVE-2014-1345 : Erling Ellingsen of Facebook\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.1.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v\nn6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I\npvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY\nuAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d\nE4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2\nRaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds\nV+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX\nIbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp\nqyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d\nWxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR\nPKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH\nDpRuZyHlmSF53n37vSR/\n=JmVc\n-----END PGP SIGNATURE-----\n\n. \nCVE-ID\nCVE-2014-1346 : Erling Ellingsen of Facebook\n\n\nFor OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4\nand Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2015-0001\n------------------------------------------------------------------------\n\nDate reported : January 26, 2015\nAdvisory ID : WSA-2015-0001\nAdvisory URL : http://webkitgtk.org/security/WSA-2015-0001.html\nAffected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. \nCVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,\n CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,\n CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,\n CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,\n CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,\n CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,\n CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,\n CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,\n CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,\n CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,\n CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,\n CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,\n CVE-2014-1389, CVE-2014-1390. \n\nSeveral vulnerabilities were discovered on the 2.4 stable series of\nWebKitGTK+. \n\nCVE-2013-2871\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to miaubiz. \n\nCVE-2014-1292\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1298\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1299\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team, Apple, Renata Hodovan of\n University of Szeged / Samsung Electronics. \n\nCVE-2014-1300\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Ian Beer of Google Project Zero working with HP\u0027s Zero Day\n Initiative. \n\nCVE-2014-1303\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to KeenTeam working with HP\u0027s Zero Day Initiative. \n\nCVE-2014-1304\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n\nCVE-2014-1305\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n\nCVE-2014-1307\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1308\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1309\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to cloudfuzzer. \n\nCVE-2014-1311\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1313\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1713\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to VUPEN working with HP\u0027s Zero Day Initiative. \n\nCVE-2014-1297\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Ian Beer of Google Project Zero. \n\nCVE-2013-2875\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to miaubiz. \n core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in\n Blink, as used in Google Chrome before 28.0.1500.71, allows remote\n attackers to cause a denial of service (out-of-bounds read) via\n unspecified vectors. \n\nCVE-2013-2927\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to cloudfuzzer. \n\nCVE-2014-1323\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to banty. \n\nCVE-2014-1326\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n\nCVE-2014-1329\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1330\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1331\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to cloudfuzzer. \n\nCVE-2014-1333\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1334\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n\nCVE-2014-1335\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1336\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n\nCVE-2014-1337\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n\nCVE-2014-1338\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1339\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Atte Kettunen of OUSPG. \n\nCVE-2014-1341\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1342\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n\nCVE-2014-1343\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1731\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to an anonymous member of the Blink development community. \n core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,\n as used in Google Chrome before 34.0.1847.131 on Windows and OS X\n and before 34.0.1847.132 on Linux, does not properly check renderer\n state upon a focus event, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via\n vectors that leverage \"type confusion\" for SELECT elements. \n\nCVE-2014-1346\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Erling Ellingsen of Facebook. \n\nCVE-2014-1344\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Ian Beer of Google Project Zero. \n\nCVE-2014-1384\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n\nCVE-2014-1385\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n\nCVE-2014-1387\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1388\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n\nCVE-2014-1389\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n\nCVE-2014-1390\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n\n\nFor the 2.4 series, these problems have been fixed in release 2.4.8. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: http://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nJanuary 26, 2015\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1333"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "BID",
"id": "67553"
},
{
"db": "VULHUB",
"id": "VHN-69272"
},
{
"db": "PACKETSTORM",
"id": "127307"
},
{
"db": "PACKETSTORM",
"id": "127308"
},
{
"db": "PACKETSTORM",
"id": "126780"
},
{
"db": "PACKETSTORM",
"id": "130110"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1333",
"trust": 3.2
},
{
"db": "BID",
"id": "67553",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU98457223",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97537282",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99696049",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201405-440",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2014-05-21-1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126780",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130110",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69272"
},
{
"db": "BID",
"id": "67553"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "PACKETSTORM",
"id": "127307"
},
{
"db": "PACKETSTORM",
"id": "127308"
},
{
"db": "PACKETSTORM",
"id": "126780"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"id": "VAR-201405-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69272"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:53:44.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6297",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6297"
},
{
"title": "HT6298",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6298"
},
{
"title": "HT6537",
"trust": 0.8,
"url": "http://support.apple.com/en-eu/HT6537"
},
{
"title": "HT6254",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6254"
},
{
"title": "HT6254",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6254?viewlocale=ja_JP"
},
{
"title": "HT6297",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6297?viewlocale=ja_JP"
},
{
"title": "HT6298",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6298?viewlocale=ja_JP"
},
{
"title": "HT6537",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT6537"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"trust": 1.9,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"trust": 1.9,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6254"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/67553"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6537"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1333"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98457223/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99696049/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97537282/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1333"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1334"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1337"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1336"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1326"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1331"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1338"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1335"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1323"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2927"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1333"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1339"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2875"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1329"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1330"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1343"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1342"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "http://gpgtools.org"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1327"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1341"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1325"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1346"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1354"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1350"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1351"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht5012."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1353"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1355"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1304"
},
{
"trust": 0.1,
"url": "http://webkitgtk.org/security/wsa-2015-0001.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1292"
},
{
"trust": 0.1,
"url": "http://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1311"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1298"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1303"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1307"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69272"
},
{
"db": "BID",
"id": "67553"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "PACKETSTORM",
"id": "127307"
},
{
"db": "PACKETSTORM",
"id": "127308"
},
{
"db": "PACKETSTORM",
"id": "126780"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-69272"
},
{
"db": "BID",
"id": "67553"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"db": "PACKETSTORM",
"id": "127307"
},
{
"db": "PACKETSTORM",
"id": "127308"
},
{
"db": "PACKETSTORM",
"id": "126780"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-69272"
},
{
"date": "2014-05-21T00:00:00",
"db": "BID",
"id": "67553"
},
{
"date": "2014-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"date": "2014-07-01T01:05:32",
"db": "PACKETSTORM",
"id": "127307"
},
{
"date": "2014-07-01T01:07:19",
"db": "PACKETSTORM",
"id": "127308"
},
{
"date": "2014-05-22T20:22:22",
"db": "PACKETSTORM",
"id": "126780"
},
{
"date": "2015-01-27T19:15:58",
"db": "PACKETSTORM",
"id": "130110"
},
{
"date": "2014-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"date": "2014-05-22T19:55:07.327000",
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-69272"
},
{
"date": "2016-02-11T07:46:00",
"db": "BID",
"id": "67553"
},
{
"date": "2014-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002606"
},
{
"date": "2014-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-440"
},
{
"date": "2024-11-21T02:04:05.300000",
"db": "NVD",
"id": "CVE-2014-1333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002606"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-440"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…