CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2014-0455 – Oracle Java DropArguments Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0455
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías, una vulnerabilidad diferente a CVE-2014-0432 y CVE-2014-2402. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of dropArguments. With the usage of this method, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://secunia.com/advisories/58974 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66899 http://www.ubuntu.com/usn/USN-2187-1 https://access.redhat.com/errata/RHSA-2014:0413 https://www.ibm.com/su •
CVSS: 10.0EPSS: 91%CPEs: 22EXPL: 0CVE-2014-0457 – Oracle Java ScriptEngineManager Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0457
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad sin especificar en Oracle Java SE 5.0u61, SE 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ScriptEngineManager. With the usage of this class, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support/docview.wss?uid= •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0432 – Oracle Java permuteArguments Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0432
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8, y Java SE Embedded 7u51, que permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías, una vulnerabilidad diferente a CVE-2014-0455 y CVE-2014-2402. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of permuteArguments. With the usage of this method, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66897 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/security/cve/CVE-2014-0432 https://bugzilla.redhat.com/show_bug.cgi?id=1088023 •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1297
https://notcve.org/view.php?id=CVE-2014-1297
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, no valida debidamente mensajes IPC de WebProcess, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox y leer archivos arbitrarios mediante el aprovechamiento de acceso a WebProcess. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-0512 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0512
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Adobe Reader 11.0.06 permite a atacantes evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. ... An attacker can leverage this to execute code outside the context of the sandbox. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-264: Permissions, Privileges, and Access Controls •