CVSS: 10.0EPSS: 91%CPEs: 22EXPL: 0CVE-2014-0457 – Oracle Java ScriptEngineManager Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0457
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad sin especificar en Oracle Java SE 5.0u61, SE 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ScriptEngineManager. With the usage of this class, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support/docview.wss?uid= •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0432 – Oracle Java permuteArguments Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0432
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8, y Java SE Embedded 7u51, que permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías, una vulnerabilidad diferente a CVE-2014-0455 y CVE-2014-2402. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of permuteArguments. With the usage of this method, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66897 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/security/cve/CVE-2014-0432 https://bugzilla.redhat.com/show_bug.cgi?id=1088023 •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1297
https://notcve.org/view.php?id=CVE-2014-1297
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, no valida debidamente mensajes IPC de WebProcess, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox y leer archivos arbitrarios mediante el aprovechamiento de acceso a WebProcess. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-0512 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0512
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Adobe Reader 11.0.06 permite a atacantes evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. ... An attacker can leverage this to execute code outside the context of the sandbox. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 59%CPEs: 1EXPL: 0CVE-2014-0510 – Adobe Flash Display Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0510
Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player 12.0.0.77 permite a atacantes remotos ejecutar código arbitrario y evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por Zeguang Zhao y Liang Chen durante una competición Pwn2Own en CanSecWest 2014. • http://helpx.adobe.com/security/products/flash-player/apsb14-14.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2014-0496.html http://security.gentoo.org/glsa/glsa-201406-08.xml http://twitter.com/thezdi/statuses/444262022444621824 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two http://www.securityfocus.com/bid/66241 https://access.redhat.com/security/cve/CVE-2014-0510 https://bugzilla.redhat.com/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •