CVSS: 5.0EPSS: 1%CPEs: 18EXPL: 0CVE-2015-0407 – OpenJDK: directory information leak via file chooser (Swing, 8055304)
https://notcve.org/view.php?id=CVE-2015-0407
An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2014-6549 – OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
https://notcve.org/view.php?id=CVE-2014-6549
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72137 http://www.securitytracker.com/id/1031580 https://security.gentoo.org/glsa/201507-14 https://www-304.ibm.com/support/docview.wss?uid=swg21695474 https://access.redhat.com/security/cve/CVE-2014-6549 https://bugzilla.redhat.com/show_bug.cgi?id=118366 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-6587 – OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
https://notcve.org/view.php?id=CVE-2014-6587
An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 20EXPL: 0CVE-2014-9150
https://notcve.org/view.php?id=CVE-2014-9150
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568. Condición de carrera en la caracteristica 'MoveFileEx call hook' en Adobe Reader and Acrobat 11.x anterior a 11.0.09 en Windows permite a atacantes remotos evadir el mecanismo de protección de sandbox, y como consecuencia escribir a ficheros en localizaciones arbitrarias, a través de un ataque de unión NTFS, un problema similar a CVE-2014-0568. • http://helpx.adobe.com/security/products/reader/apsb14-28.html https://code.google.com/p/google-security-research/issues/detail?id=103 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4457
https://notcve.org/view.php?id=CVE-2014-4457
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. El subsistema Sandbox Profiles en Apple iOS anterior a 8.1.1 no implementa debidamente el sandbox debugserver, lo cual permite a atacantes evadir las restricciones destinadas a la ejecución de binarios a través de una aplicación manipulada que es ejecutada durante un período de tiempo cuando la depuración no está habilitada. • http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html http://www.securityfocus.com/bid/71143 http://www.securitytracker.com/id/1031232 https://exchange.xforce.ibmcloud.com/vulnerabilities/98777 https://support.apple.com/en-us/HT204418 https://support.apple.com/en-us/HT6590 • CWE-264: Permissions, Privileges, and Access Controls •