
CVSS: 5.8 • EPSS: 0% • CPEs: 48 • EXPL: 0

Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.

References:
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://support.apple.com/kb/HT5934
http://www.securitytracker.com/id/1029054

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.9 • EPSS: 0% • CPEs: 5 • EXPL: 1

Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.

References:
https://www.exploit-db.com/exploits/28187
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055
https://exchange.xforce.ibmcloud.com/vulnerabilities/85762

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 • EPSS: 3% • CPEs: 62 • EXPL: 0

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.

References:
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-08

CVSS: 5.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

References:
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
http://www.ubuntu.com/usn/USN-1890-1
https://bugzilla.mozilla.org/show_bug.cgi?id=849791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 94% • CPEs: 188 • EXPL: 0

Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. ...

References:
http://advisories.mageia.org/MGASA-2013-0185.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/259d4998ce2f
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html