CVE-2013-1475 – OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
https://notcve.org/view.php?id=CVE-2013-1475
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. Vulnerabilidad sin especificar en el Java Runtime Environment (JRE) de oracle Java SE v7 hasta la Update v11, desde la v6 hasta la Update v38, desde la v5.0 hasta la Update v38, y la v1.4.2_40 junto con anteriores que permite ataques remotos que afectan la confidencialidad, la integridad y la disponibilidad por vectores relacionados con CORBA • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/127e4c348a71 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn •
CVE-2013-0431 – Oracle JRE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0431
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 hasta Update 11 y OpenJDK versión 7 de Oracle, permite a los atacantes remotos asistidos por el usuario omitir el sandbox de seguridad Java por medio de vectores no especificados relacionados con JMX, también se conoce como "Issue 52", una vulnerabilidad diferente de CVE-2013-1490. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. • https://www.exploit-db.com/exploits/24539 http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.re •
CVE-2012-5076 – Oracle Java SE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2012-5076
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. • https://www.exploit-db.com/exploits/24309 https://www.exploit-db.com/exploits/22657 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://secunia.com/advisories/51029 http://secunia.com/advisories/51326 http://secunia.com/advisories/51390 http://security.gentoo.org/glsa/glsa-201406-32.xml http:& •
CVE-2011-3046
https://notcve.org/view.php?id=CVE-2011-3046
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. El subsistema de extensión en Google Chrome antes de v17.0.963.78 no gestiona adecuadamente el historial de navegación, lo que permite a atacantes remotos ejecutar código de su elección qaprovechandose de un problema "XSS universal(UXSS)". • 1026776 http://www.zdnet.com/blog/security/cansecwest-pwnium-google-chrome-hacked-with-sandbox-bypass/10563 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14686 https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-7303
https://notcve.org/view.php?id=CVE-2008-7303
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. • http://www.coresecurity.com/content/apple-osx-sandbox-bypass https://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/BlackHat-Japan-08-Miller-Hacking-OSX.pdf • CWE-264: Permissions, Privileges, and Access Controls •