Page 87 of 578 results (0.107 seconds)

CVSS: 10.0EPSS: 8%CPEs: 8EXPL: 0

CVE-2015-0469 – ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)

https://notcve.org/view.php?id=CVE-2015-0469

A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. • http://advisories.mageia.org/MGASA-2015-0158.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http:/ • CWE-122: Heap-based Buffer Overflow •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1115

https://notcve.org/view.php?id=CVE-2015-1115

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. El componente Telephony en Apple iOS anterior a 8.3 permite a atacantes evadir un mecanismo de protección de sandbox y acceder a capacidades de teléfono a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73978 http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 • CWE-284: Improper Access Control •

CVSS: 2.6EPSS: 0%CPEs: 237EXPL: 0

CVE-2015-0820

https://notcve.org/view.php?id=CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. Mozilla Firefox anterior a 36.0 no restringe correctamente las transiciones de objetos JavaScript de un estado no existente a un estado extensible, lo que permite a atacantes remotos evadir el mecanismo de protección del sandbox de Caja Compiler o un mecanismo de protección de sandbox de Secure EcmaScript a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-27.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72757 http://www.ubuntu.com/usn/USN-2505-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1125389 https://security.gentoo.org/glsa/201504-01 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 97%CPEs: 5EXPL: 6

CVE-2015-1427 – Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. El motor de secuencias de comandos Groovy en Elasticsearch anterior a 1.3.8 y 1.4.x anterior a 1.4.3 permite a atacantes remotos evadir el mecanismo de protección de sandbox y ejecutar comandos de shell arbitrarios a través de una secuencia de comandos manipulada. ... The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. • https://www.exploit-db.com/exploits/36415 https://www.exploit-db.com/exploits/36337 https://github.com/t0kx/exploit-CVE-2015-1427 https://github.com/xpgdgit/CVE-2015-1427 https://github.com/cyberharsh/Groovy-scripting-engine-CVE-2015-1427 http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html http://www.elasticsearch.com/blog/elasticsear • CWE-284: Improper Access Control •

CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0

CVE-2014-8891 – JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update

https://notcve.org/view.php?id=CVE-2014-8891

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterior a SR8-FP10, y 7R1 anterior a SR2-FP10 permite a atacantes remotos escapar del sandbox de Java y ejecutar código arbitrario a través de vectores no especificados relacionados con el gestor de seguridad. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02 •