CVE-2014-0457 – Oracle Java ScriptEngineManager Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0457
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad sin especificar en Oracle Java SE 5.0u61, SE 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ScriptEngineManager. With the usage of this class, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support/docview.wss?uid= •
CVE-2014-0429 – OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
https://notcve.org/view.php?id=CVE-2014-0429
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?u •
CVE-2013-7313
https://notcve.org/view.php?id=CVE-2013-7313
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. La implementación de OSPF en Juniper Junos hasta la versión 13.x, JunosE, y ScreenOS hasta la versión 6.3.x no considera la posibilidad de valores Link State ID duplicados en Link State Adverisement (LSA) antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de enrutamiento) u obtener información sensible de paquetes a través de un paquete LSA manipulado, una vulnerabilidad relacionada con CVE-2013-0149. • http://www.kb.cert.org/vuls/id/229804 http://www.kb.cert.org/vuls/id/BLUU-97KQ26 •
CVE-2013-6618 – Juniper Junos J-Web - Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-6618
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. jsdm / ajax / port.php de J-Web en Juniper Junos anterior 10.4R13, 11.4 anterior a 11.4R, 12,.1 anterior a 12.1R5 anterior a 12.2R3 y 12.3 antes 12.3R1 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través del parámetro rsargs en una acción exec. • https://www.exploit-db.com/exploits/29544 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560 http://secunia.com/advisories/54731 http://www.exploit-db.com/exploits/29544 http://www.securityfocus.com/bid/62305 http://www.securitytracker.com/id/1029016 http://www.senseofsecurity.com.au/advisories/SOS-13-003 https://exchange.xforce.ibmcloud.com/vulnerabilities/87011 • CWE-20: Improper Input Validation •
CVE-2013-6015
https://notcve.org/view.php?id=CVE-2013-6015
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. Juniper Junos en versiones anteriores a 10.4S14, 11.4 en versiones anteriores a 11.4R5-S2, 12.1R en versiones anteriores a 12.1R3, 12.1X44 en versiones anteriores a 12.1X44-D20 y 12.1X45 en versiones anteriores a 12.1X45-D15 en puertas de enlace de servicios SRX Series, cuando se configura un plugin utilizando un proxy TCP, permite a atacantes remotos provocar una denegación de servicio (caída del demonio de flujo) a través de una secuencia no especificada de paquetes TCP. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10596 http://osvdb.org/98368 http://secunia.com/advisories/55218 http://www.securitytracker.com/id/1029177 • CWE-20: Improper Input Validation •