var-201403-0252
Vulnerability from variot
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014. OS X Run on Apple Safari Used in etc. This vulnerability CanSecWest 2014 of Pwn4Fun Proven in competition.By a third party root An arbitrary code may be executed with privileges. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of string objects. The issue lies in the joining of strings in an array. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to an unspecified memory-corruption vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001
Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390.
Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+.
CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz.
CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics.
CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative.
CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative.
CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Apple.
CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Apple.
CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer.
CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative.
CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero.
CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz.
CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer.
CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty.
CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Apple.
CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer.
CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Apple.
CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Apple.
CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Apple.
CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG.
CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Apple.
CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.
CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero.
CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Apple.
CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Apple.
CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team.
CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Apple.
CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Apple.
CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Apple.
For the 2.4 series, these problems have been fixed in release 2.4.8.
Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html
The WebKitGTK+ team, January 26, 2015
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-04-22-2 iOS 7.1.1
iOS 7.1.1 is now available and addresses the following:
CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "7.1.1".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(windows)"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple tv first 2 after generation )"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ipad 2 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mountain lion v10.8.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.2)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x lion v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x mountain lion v10.8.5)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ipod touch first 5 after generation )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x lion server v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x lion server v10.7.5)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(iphone 4 or later )"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x lion v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.x (os x mavericks v10.9.2)"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "webkit",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "BID",
"id": "66583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Beer of Google Project Zero",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-090"
}
],
"trust": 0.7
},
"cve": "CVE-2014-1300",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1300",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1300",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-69239",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1300",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1300",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-1300",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-461",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-69239",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "VULHUB",
"id": "VHN-69239"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014. OS X Run on Apple Safari Used in etc. This vulnerability CanSecWest 2014 of Pwn4Fun Proven in competition.By a third party root An arbitrary code may be executed with privileges. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of string objects. The issue lies in the joining of strings in an array. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to an unspecified memory-corruption vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nCVE-ID\nCVE-2014-1297 : Ian Beer of Google Project Zero\n\nFor OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3\nand Safari 6.1.3 may be obtained from Mac App Store. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2015-0001\n------------------------------------------------------------------------\n\nDate reported : January 26, 2015\nAdvisory ID : WSA-2015-0001\nAdvisory URL : http://webkitgtk.org/security/WSA-2015-0001.html\nAffected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. \nCVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,\n CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,\n CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,\n CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,\n CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,\n CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,\n CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,\n CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,\n CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,\n CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,\n CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,\n CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,\n CVE-2014-1389, CVE-2014-1390. \n\nSeveral vulnerabilities were discovered on the 2.4 stable series of\nWebKitGTK+. \n\nCVE-2013-2871\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to miaubiz. \n\nCVE-2014-1292\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1298\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1299\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team, Apple, Renata Hodovan of\n University of Szeged / Samsung Electronics. \n\nCVE-2014-1300\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Ian Beer of Google Project Zero working with HP\u0027s Zero Day\n Initiative. \n\nCVE-2014-1303\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to KeenTeam working with HP\u0027s Zero Day Initiative. \n\nCVE-2014-1304\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Apple. \n\nCVE-2014-1305\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Apple. \n\nCVE-2014-1307\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1308\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1309\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to cloudfuzzer. \n\nCVE-2014-1311\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1313\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1713\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to VUPEN working with HP\u0027s Zero Day Initiative. \n\nCVE-2014-1297\n Versions affected: WebKitGTK+ 2.4.X before 2.4.1. \n Credit to Ian Beer of Google Project Zero. \n\nCVE-2013-2875\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to miaubiz. \n\nCVE-2013-2927\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to cloudfuzzer. \n\nCVE-2014-1323\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to banty. \n\nCVE-2014-1326\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Apple. \n\nCVE-2014-1329\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1330\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1331\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to cloudfuzzer. \n\nCVE-2014-1333\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1334\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Apple. \n\nCVE-2014-1335\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1336\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Apple. \n\nCVE-2014-1337\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Apple. \n\nCVE-2014-1338\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1339\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Atte Kettunen of OUSPG. \n\nCVE-2014-1341\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1342\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Apple. \n\nCVE-2014-1343\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1731\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to an anonymous member of the Blink development community. \n core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,\n as used in Google Chrome before 34.0.1847.131 on Windows and OS X\n and before 34.0.1847.132 on Linux, does not properly check renderer\n state upon a focus event, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via\n vectors that leverage \"type confusion\" for SELECT elements. \n\nCVE-2014-1346\n Versions affected: WebKitGTK+ 2.4.X before 2.4.2. \n Credit to Erling Ellingsen of Facebook. \n WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,\n does not properly interpret Unicode encoding, which allows remote\n attackers to spoof a postMessage origin, and bypass intended\n restrictions on sending a message to a connected frame or window,\n via crafted characters in a URL. \n\nCVE-2014-1344\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Ian Beer of Google Project Zero. \n\nCVE-2014-1384\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Apple. \n\nCVE-2014-1385\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Apple. \n\nCVE-2014-1387\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Google Chrome Security Team. \n\nCVE-2014-1388\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Apple. \n\nCVE-2014-1389\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Apple. \n\nCVE-2014-1390\n Versions affected: WebKitGTK+ 2.4.X before 2.4.8. \n Credit to Apple. \n\n\nFor the 2.4 series, these problems have been fixed in release 2.4.8. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: http://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nJanuary 26, 2015\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-2 iOS 7.1.1\n\niOS 7.1.1 is now available and addresses the following:\n\nCFNetwork HTTPProtocol\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position can obtain web\nsite credentials\nDescription: Set-Cookie HTTP headers would be processed even if the\nconnection closed before the header line was complete. An attacker\ncould strip security settings from the cookie by forcing the\nconnection to close before the security settings were sent, and then\nobtain the value of the unprotected cookie. This issue was addressed\nby ignoring incomplete HTTP header lines. \nCVE-ID\nCVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris\n\nIOKit Kernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription: A set of kernel pointers stored in an IOKit object\ncould be retrieved from userland. This issue was addressed through\nremoving the pointers from the object. \nCVE-ID\nCVE-2014-1320 : Ian Beer of Google Project Zero working with HP\u0027s\nZero Day Initiative\n\nSecurity - Secure Transport\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker with a privileged network position may capture\ndata or change the operations performed in sessions protected by SSL\nDescription: In a \u0027triple handshake\u0027 attack, it was possible for an\nattacker to establish two connections which had the same encryption\nkeys and handshake, insert the attacker\u0027s data in one connection, and\nrenegotiate so that the connections may be forwarded to each other. \nTo prevent attacks based on this scenario, Secure Transport was\nchanged so that, by default, a renegotiation must present the same\nserver certificate as was presented in the original connection. \nCVE-ID\nCVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and\nAlfredo Pironti of Prosecco at Inria Paris\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.1.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F\n9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG\n7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx\nTZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT\nkQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w\nmF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex\nrVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm\nt7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V\njlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF\nLZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS\nLKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK\nAv6eIuVxA8q9Lm6TCh+h\n=ilSw\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1300"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "BID",
"id": "66583"
},
{
"db": "VULHUB",
"id": "VHN-69239"
},
{
"db": "PACKETSTORM",
"id": "126271"
},
{
"db": "PACKETSTORM",
"id": "125981"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "PACKETSTORM",
"id": "126270"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1300",
"trust": 4.0
},
{
"db": "JVN",
"id": "JVNVU94409290",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95860341",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97537282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2206",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-090",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201403-461",
"trust": 0.7
},
{
"db": "BID",
"id": "66583",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-61968",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69239",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128734",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125981",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130110",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126270",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "VULHUB",
"id": "VHN-69239"
},
{
"db": "BID",
"id": "66583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"db": "PACKETSTORM",
"id": "128734"
},
{
"db": "PACKETSTORM",
"id": "126271"
},
{
"db": "PACKETSTORM",
"id": "125981"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "PACKETSTORM",
"id": "126270"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"id": "VAR-201403-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69239"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:46:48.355000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6181",
"trust": 1.5,
"url": "http://support.apple.com/kb/HT6181"
},
{
"title": "Safari",
"trust": 0.8,
"url": "http://www.apple.com/jp/safari/"
},
{
"title": "HT6208",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6208"
},
{
"title": "HT6209",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6209"
},
{
"title": "HT6537",
"trust": 0.8,
"url": "http://support.apple.com/en-eu/HT6537"
},
{
"title": "HT6181",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6181?viewlocale=ja_JP"
},
{
"title": "HT6208",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6208?viewlocale=ja_JP"
},
{
"title": "HT6209",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6209?viewlocale=ja_JP"
},
{
"title": "HT6537",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT6537"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/"
},
{
"trust": 1.9,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
},
{
"trust": 1.9,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
},
{
"trust": 1.9,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
},
{
"trust": 1.7,
"url": "http://twitter.com/thezdi/statuses/443796547872903168"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht6537"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1300"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97537282/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94409290/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95860341/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1300"
},
{
"trust": 0.7,
"url": "http://support.apple.com/kb/ht6181"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1300"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1298"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1299"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2871"
},
{
"trust": 0.4,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "http://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1304"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1309"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1308"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1311"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1313"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1305"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1303"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1307"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1292"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1312"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1713"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1310"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1302"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1291"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2928"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1293"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1290"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1294"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6625"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1296"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1320"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1295"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1268"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1337"
},
{
"trust": 0.1,
"url": "http://webkitgtk.org/security/wsa-2015-0001.html"
},
{
"trust": 0.1,
"url": "http://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1329"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1330"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "VULHUB",
"id": "VHN-69239"
},
{
"db": "BID",
"id": "66583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"db": "PACKETSTORM",
"id": "128734"
},
{
"db": "PACKETSTORM",
"id": "126271"
},
{
"db": "PACKETSTORM",
"id": "125981"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "PACKETSTORM",
"id": "126270"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"db": "VULHUB",
"id": "VHN-69239"
},
{
"db": "BID",
"id": "66583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"db": "PACKETSTORM",
"id": "128734"
},
{
"db": "PACKETSTORM",
"id": "126271"
},
{
"db": "PACKETSTORM",
"id": "125981"
},
{
"db": "PACKETSTORM",
"id": "130110"
},
{
"db": "PACKETSTORM",
"id": "126270"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-11T00:00:00",
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"date": "2014-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-69239"
},
{
"date": "2014-04-02T00:00:00",
"db": "BID",
"id": "66583"
},
{
"date": "2014-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"date": "2014-10-17T15:14:05",
"db": "PACKETSTORM",
"id": "128734"
},
{
"date": "2014-04-23T00:10:03",
"db": "PACKETSTORM",
"id": "126271"
},
{
"date": "2014-04-02T11:02:22",
"db": "PACKETSTORM",
"id": "125981"
},
{
"date": "2015-01-27T19:15:58",
"db": "PACKETSTORM",
"id": "130110"
},
{
"date": "2014-04-23T00:06:50",
"db": "PACKETSTORM",
"id": "126270"
},
{
"date": "2014-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"date": "2014-03-26T14:55:05.740000",
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-11T00:00:00",
"db": "ZDI",
"id": "ZDI-14-090"
},
{
"date": "2016-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-69239"
},
{
"date": "2015-03-19T08:15:00",
"db": "BID",
"id": "66583"
},
{
"date": "2014-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001801"
},
{
"date": "2014-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-461"
},
{
"date": "2024-11-21T02:04:01.353000",
"db": "NVD",
"id": "CVE-2014-1300"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS X Run on Apple Safari Used in etc. Webkit In root Vulnerability to execute arbitrary code with privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-461"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.