var-201407-0077
Vulnerability from variot
The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference.
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect the Kernel, IOReporting, launchd, and Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code with system privileges, or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable.
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003
OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following:
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005.

copyfile
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP

curl
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A remote attacker may be able to gain access to another user's session
Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session.
CVE-ID
CVE-2014-0015

Dock
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A sandboxed application may be able to circumvent sandbox restrictions
Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative

Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1372 : Ian Beer of Google Project Zero

iBooks Commerce
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker with access to a system may be able to recover Apple ID credentials
Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials.
CVE-ID
CVE-2014-1317 : Steve Dunham

Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1373 : Ian Beer of Google Project Zero

Intel Graphics Driver
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object.
CVE-ID
CVE-2014-1375

Intel Compute
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1376 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1377 : Ian Beer of Google Project Zero

IOGraphicsFamily
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization
Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. This issue was addressed through additional validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech

launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero

launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero

launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero

launchd
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero

Graphics Drivers
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges.
CVE-ID
CVE-2014-1379 : Ian Beer of Google Project Zero

Security - Keychain
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: An attacker may be able to type into windows under the screen lock
Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management.
CVE-ID
CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC

Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3
Impact: Two bytes of memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project

Thunderbolt
Available for: OS X Mavericks 10.9 to 10.9.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1381 : Catherine aka winocm
Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293
OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics
CVE-2014-1731 : an anonymous member of the Blink development community

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An iTunes Store transaction may be completed with insufficient authorization
Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted.
CVE-ID
CVE-2014-1383
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".
To check the current version of software, select "Settings -> General -> About"
[ { "db": "JVNDB", "id": "JVNDB-2014-003077" }, { "db": "NVD", "id": "CVE-2014-1355" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html" }, { "trust": 2.5, "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html" }, { "trust": 2.5, "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht6296" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1030500" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59475" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1355" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99696049/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1355" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.2, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1357" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1356" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1358" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1355" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1359" }, { "trust": 0.2, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht6293" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht6005." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1372" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1380" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1375" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1371" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1317" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1370" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1378" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1381" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1373" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1376" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1336" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1331" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1338" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1323" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1364" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-2927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1339" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1327" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1329" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1330" } ], "sources": [ { "db": "VULHUB", "id": "VHN-69294" }, { "db": "BID", "id": "68274" }, { "db": "JVNDB", "id": "JVNDB-2014-003077" }, { "db": "PACKETSTORM", "id": "127306" }, { "db": "PACKETSTORM", "id": "127308" }, { "db": "CNNVD", "id": "CNNVD-201407-036" }, { "db": "NVD", "id": "CVE-2014-1355" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-69294" }, { "db": "BID", "id": "68274" }, { "db": "JVNDB", "id": "JVNDB-2014-003077" }, { "db": "PACKETSTORM", "id": "127306" }, { "db": "PACKETSTORM", "id": "127308" }, { "db": "CNNVD", "id": "CNNVD-201407-036" }, { "db": "NVD", "id": "CVE-2014-1355" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-01T00:00:00", "db": "VULHUB", "id": "VHN-69294" }, { "date": "2014-06-30T00:00:00", "db": "BID", "id": "68274" }, { "date": "2014-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003077" }, { "date": "2014-07-01T01:03:32", "db": "PACKETSTORM", "id": "127306" }, { "date": "2014-07-01T01:07:19", "db": "PACKETSTORM", "id": "127308" }, { "date": "2014-07-03T00:00:00", "db": "CNNVD", 
"id": "CNNVD-201407-036" }, { "date": "2014-07-01T10:17:26.470000", "db": "NVD", "id": "CVE-2014-1355" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-08T00:00:00", "db": "VULHUB", "id": "VHN-69294" }, { "date": "2014-06-30T00:00:00", "db": "BID", "id": "68274" }, { "date": "2014-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003077" }, { "date": "2019-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-036" }, { "date": "2024-11-21T02:04:08.137000", "db": "NVD", "id": "CVE-2014-1355" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-036" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Product kernel IOKit Service disruption in implementations (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003077" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-036" } ], "trust": 0.6 } }