CVE-2014-1346
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-1346
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apple Safari 输入验证漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WebKit是KDE、苹果(Apple)、谷歌(Google)等公司共同开发的一套开源Web浏览器引擎,目前被Apple Safari及Google Chrome等浏览器使用。 Apple Safari 6.1.3及之前的版本和7.0.4之前的7.x版本中使用的WebKit存在安全漏洞,该漏洞源于处理URL中的Unicode字符时存在编码问题。远程攻击者可借助恶意的URL利用该漏洞发送错误的postMessage源,向连接的框架或窗口发送信息,这可能会规避接收器的来源检查。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2014-1346
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-1346
请登录查看更多情报信息。
Same Patch Batch · n/a · 2014-05-22 · 45 CVEs total
| CVE-2014-1339 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1343 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1342 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1344 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-2948 | Bizagi BPM Suite SQL注入漏洞 | |
| CVE-2012-0943 | Light Display Manager本地任意文件删除漏洞 | |
| CVE-2012-6648 | gdm-guest-session 权限许可和访问控制漏洞 | |
| CVE-2014-3788 | Cogent Real-Time Systems Cogent DataHub 基于堆的缓冲区溢出漏洞 | |
| CVE-2014-3789 | Cogent Real-Time Systems Cogent DataHub 操作系统命令注入漏洞 | |
| CVE-2014-2947 | Bizagi BPM Suite 跨站脚本漏洞 | |
| CVE-2014-1341 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1338 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1337 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1336 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1335 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1334 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1333 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1331 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1330 | Apple Safari WebKit 内存损坏漏洞 | |
| CVE-2014-1329 | Apple Safari WebKit 内存损坏漏洞 |
Showing top 20 of 45 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2014-1346
No comments yet