CVE-2013-5893 – OpenJDK: JVM method processing issues (Libraries, 8029507)
https://notcve.org/view.php?id=CVE-2013-5893
Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox. • http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498 http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://osvdb.org/102000 http://rhn.redhat.com/errata/RHSA-2014-0026.html http://rhn.redhat.com/errata/RHSA-2014-0027.html http://rhn.redhat.com/errata/RHSA-2014-00 •
CVE-2014-0373 – OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126)
https://notcve.org/view.php?id=CVE-2014-0373
Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://marc.info& •
CVE-2013-5878 – OpenJDK: null xmlns handling issue (Security, 8025026)
https://notcve.org/view.php?id=CVE-2013-5878
Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. ... Oracle no ha comentado las notificaciones de terceros de que el componente Security no maneja apropiadamente los atributos de espacio de nombres XML null (xmlns) durante la canonicalización de documentos XML, lo que permite a los atacantes escapar del sandbox. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://marc.info/?l •
CVE-2013-5045 – Microsoft Registry Symlink - IE Sandbox Escape (MS13-097)
https://notcve.org/view.php?id=CVE-2013-5045
Microsoft Internet Explorer 10 y 11 permite a usuarios locales evadir el mecanismo de modo protegido, y consecuentemente obtener privilegios mediante el aprovechamiento de la capacidad de ejecutar código en una sandbox, también conocido como "Vulnerabilidad de elevación de privilegios en Internet Explorer". • https://www.exploit-db.com/exploits/33893 http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html http://www.exploit-db.com/exploits/33893 http://www.osvdb.org/100757 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097 https://github.com/tyranid/IE11SandboxEscapes • CWE-20: Improper Input Validation •
CVE-2013-4041 – JDK: unspecified sandbox bypass (JVM)
https://notcve.org/view.php?id=CVE-2013-4041
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. Vulnerabilidad no especificada en el Java SDK de IBM 5.0.0 anteriores a SR16 FP4, 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos acceder clases restringidas a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-1507.html http://rhn.redhat.com/errata/RHSA-2013-1508.html http://rhn.redhat.com/errata/RHSA-2013-1509.html http://rhn.redhat.com/errata/RHSA-2013-1793.html http://secunia.com/advisories/56338 http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087 http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088 http://www-01.ibm.com/support/docview.wss?uid •