Page 113 of 578 results (0.135 seconds)

CVSS: 6.8EPSS: 2%CPEs: 84EXPL: 0

CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)

https://notcve.org/view.php?id=CVE-2010-0186

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •

CVSS: 10.0EPSS: 5%CPEs: 30EXPL: 0

CVE-2009-2935

https://notcve.org/view.php?id=CVE-2009-2935

Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. Google V8, usado en Google Chrome anteriores a v2.0.172.43, permite a los atacantes remotos, evitar restricciones intencionadas o lecturas de memoria, y posiblemente obtener información sensible o ejecución arbitraria de código en el Chrome sandbox, a través de JavaScript manipulado. • http://code.google.com/p/chromium/issues/detail?id=18639 http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://osvdb.org/57421 http://secunia.com/advisories/36417 http://www.securityfocus.com/bid/36149 http://www.securitytracker.com/id?1022773 http://www.vupen.com/english/advisories/2009/2420 https://exchange.xforce.ibmcloud.com/vulnerabilities/52902 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 2%CPEs: 91EXPL: 0

CVE-2008-5339 – Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-5339

These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. ... If the codebase points to the local filesystem, any file is then readable by the malicious applet. The third vulnerability allows JNLP files to bypass socket restrictions. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://secunia.com •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2008-4831

https://notcve.org/view.php?id=CVE-2008-4831

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. Vulnerabilidad no especificada en Adobe ColdFusion v8 y v8.0.1 y ColdFusion MX v7.0.2; permite a usuarios locales evitar las restricciones de la caja de arena (sandbox) y obtener información sensible o posiblemente ganar privilegios a través de vectores desconocidos. • http://osvdb.org/49709 http://secunia.com/advisories/32567 http://www.adobe.com/support/security/bulletins/apsb08-21.html http://www.securityfocus.com/bid/32130 http://www.securitytracker.com/id?1021145 http://www.vupen.com/english/advisories/2008/3032 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 2%CPEs: 77EXPL: 0

CVE-2008-3112 – Sun Java Web Start Sandbox Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2008-3112

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. ... A directory traversal flaw in this method allows the creation of arbitrary files on the target system. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-264: Permissions, Privileges, and Access Controls •