CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1715 – Google Chrome Directory Traversal Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1715
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows tiene vectores de impacto y ataque no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of directories. The issue lies in the failure to fully check for directory traversal attempts. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/66249 https://code.google.com/p/chromium/issues/detail?id=352429 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-1714 – Google Chrome Clipboard Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1714
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. La función ScopedClipboardWriter::WritePickledData en ui/base/clipboard/scoped_clipboard_writer.cc en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows no verifica cierto valor de formato, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con el portapapeles. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Microsoft Windows Clipboard. An attacker can leverage this vulnerability to execute code under the context of the broker process. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0143.html http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml https://code.google.com/p/chromium/issues/detail?id=352395 https://src.chromium.org/viewvc/chrome?revision=256974&view=revision • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 77%CPEs: 8EXPL: 2CVE-2014-0257 – Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009)
https://notcve.org/view.php?id=CVE-2014-0257
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability." Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5 y 4.5.1 no determina adecuadamente si es seguro ejecutar un método, lo que permite a atacantes remotos ejecutar código arbitrario a través de (1) un sitio web manipulado o (2) una aplicación .NET Framework manipulada que expone un servidor COM, también conocido como "Type Traversal Vulnerability." • https://www.exploit-db.com/exploits/33892 http://packetstormsecurity.com/files/127246/MS14-009-.NET-Deployment-Service-IE-Sandbox-Escape.html http://secunia.com/advisories/56793 http://www.exploit-db.com/exploits/33892 http://www.osvdb.org/103163 http://www.securityfocus.com/bid/65417 http://www.securitytracker.com/id/1029745 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-009 https://github.com/tyranid/IE11SandboxEscapes • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2014-0416 – OpenJDK: insecure subject principals set handling (JAAS, 8024306)
https://notcve.org/view.php?id=CVE-2014-0416
Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://marc.info& •
CVSS: 10.0EPSS: 13%CPEs: 5EXPL: 0CVE-2014-0428 – OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
https://notcve.org/view.php?id=CVE-2014-0428
Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. • http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://marc.inf •