CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2015-1155 – Apple Safari file:// Redirection Sandbox Escape Vulnerabliity
https://notcve.org/view.php?id=CVE-2015-1155
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. ... An attacker can leverage this vulnerability to execute code outside the context of the Safari sandbox. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/May/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://www.securityfocus.com/bid/74527 http://www.securitytracker.com/id/1032270 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT204826 https://suppo • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0470 – OpenJDK: incorrect handling of default methods (Hotspot, 8065366)
https://notcve.org/view.php?id=CVE-2015-0470
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-0809.html http://rhn.redhat.com/errata/RHSA-2015-0854.html http://www.debian.org/security/2015/dsa-3234 http://www.debian.org/security/2015/dsa-3235 http://www.debian.org/security/2015/dsa-3316 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74149 http://www.securitytracker.com/id/1032120 https://s •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-0477 – OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
https://notcve.org/view.php?id=CVE-2015-0477
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ •
CVSS: 10.0EPSS: 8%CPEs: 8EXPL: 0CVE-2015-0469 – ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
https://notcve.org/view.php?id=CVE-2015-0469
A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1115
https://notcve.org/view.php?id=CVE-2015-1115
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. El componente Telephony en Apple iOS anterior a 8.3 permite a atacantes evadir un mecanismo de protección de sandbox y acceder a capacidades de teléfono a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73978 http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 • CWE-284: Improper Access Control •