CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 1CVE-2015-3693 – Rowhammer - NaCl Sandbox Escape
https://notcve.org/view.php?id=CVE-2015-3693
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. Apple Mac EFI anterior a 2015-001, utilizado en OS X anterior a 10.10.4 y otros productos, no configura correctamente los indices actualizados para DDR3 RAM, lo que podría facilitar a atacantes remotos realizar ataques 'row-hammer', y como consecuencia gnar privilegios o causar una denegación de servicio (corrupción de memoria), mediante la provocación de ciertas pautas de acceso a localizaciones de memoria. • https://www.exploit-db.com/exploits/36311 http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html http://support.apple.com/kb/HT204934 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75495 http://www.securitytracker.com/id/1032444 http://www.securitytracker.com/id/1032755 • CWE-254: 7PK - Security Features •
CVSS: 6.9EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1743 – Microsoft Internet Explorer add-on Installer Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1743
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1748. This vulnerability allows remote attackers to escape Enhanced Protected Mode on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the add-on installer. An attacker can bypass checks within the add-on installer with special paths and junction points to achieve medium-integrity code execution under the context of the user. • http://www.securityfocus.com/bid/74996 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-377 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.9EPSS: 1%CPEs: 5EXPL: 0CVE-2015-1748 – Microsoft Internet Explorer Protocol Handler Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1748
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1743. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of res:// and Windows Help Engine. By running specially crafted JavaScript, a 32-bit medium integrity process can be spawned. • http://www.securityfocus.com/bid/74997 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-251 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1739 – Microsoft Internet Explorer Add-On Installer EPM Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1739
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer.' This vulnerability allows attackers to escape the Extended Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the actions of the IE add-on installer. The installer can take a web page created by attacker code running in the context of the IE App Container and copy it to a location where it can be rendered as an Intranet webpage, which, by default, invokes IE as a medium-integrity process in the context of the user. • http://www.securityfocus.com/bid/74995 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-249 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 1CVE-2015-4335 – redis: Lua sandbox escape and arbitrary code execution
https://notcve.org/view.php?id=CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Redis anterior a versión 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el código byte Lua arbitrario por medio del comando eval. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. • http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html http://rhn.redhat.com/errata/RHSA-2015-1676.html http://www.debian.org/security/2015/dsa-3279 http://www.openwall.com/lists/oss-security/2015/06/04/12 http://www.openwall.com/lis • CWE-17: DEPRECATED: Code •