Page 73 of 414 results (0.157 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2014-8892 – JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

https://notcve.org/view.php?id=CVE-2014-8892

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterior a SR8-FP10, y 7R1 anterior a SR2-FP10 permite a atacantes remotos evadir los permisos de acceso y obtener información sensible a través de vectores no especificados relacionados con el gestor de seguridad. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02 •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 3

CVE-2014-4492 – Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape

https://notcve.org/view.php?id=CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esperados, lo que permite a atacantes ejecutar código arbitrario en un contexto _networkd a través de un mensaje XPC manipulado de una aplicación con sandbox, tal y como fue demostrado mediante la falta de verificación de un tipo de datos del diccionario de XPC. networkd is the system daemon which implements the com.apple.networkd XPC service. • https://www.exploit-db.com/exploits/35847 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.exploit-db • CWE-19: Data Processing Errors •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0

CVE-2014-8840 – (Mobile Pwn2Own) Apple iOS SSL Sandbox Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2014-8840

The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. El componente iTunes Store en Apple iOS anterior a 8.1.3 permite a atacantes remotos evadir el mecanismo de protección Safari sandbox mediante el aprovechamiento de la redirección de una URL de SSL en iTunes Store. ... An attacker can leverage this vulnerability to execute code outside the context of the sandbox. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://support.apple.com/HT204245 http://www.securitytracker.com/id/1031652 http://zerodayinitiative.com/advisories/ZDI-15-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/100533 • CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2014-0546 – Adobe Acrobat and Reader Sandbox Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2014-0546

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. Adobe Reader y Acrobat 10.x anterior a 10.1.11 y 11.x anterior a 11.0.08 en Windows permiten a atacantes evadir un mecanismo de protección sandbox, y como consecuencia ejecutar código nativo en un contexto privilegiado, a través de vectores no especificados. Adobe Acrobat and Reader on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. • http://helpx.adobe.com/security/products/reader/apsb14-19.html http://www.securitytracker.com/id/1030711 •

CVSS: 7.5EPSS: 5%CPEs: 23EXPL: 0

CVE-2014-1371 – Apple OS X Dock Service Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2014-1371

Error de indice del array en Dock en Apple OS X anterior a 10.9.4 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero de función incorrecta y caída de aplicación) mediante el aprovechamiento del acceso a una aplicación en una sandbox para enviar un mensaje. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://secunia.com/advisories/59475 http://support.apple.com/kb/HT6296 http://www.securitytracker.com/id/1030505 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •