CVSS: 10.0EPSS: 96%CPEs: 9EXPL: 2CVE-2012-5076 – Oracle Java SE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2012-5076
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. • https://www.exploit-db.com/exploits/24309 https://www.exploit-db.com/exploits/22657 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://secunia.com/advisories/51029 http://secunia.com/advisories/51326 http://secunia.com/advisories/51390 http://security.gentoo.org/glsa/glsa-201406-32.xml http:& •
CVSS: 10.0EPSS: 1%CPEs: 82EXPL: 0CVE-2012-5086 – OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
https://notcve.org/view.php?id=CVE-2012-5086
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 7 y anteriores, y v6 Update 35 y anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con los Beans. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html http://marc.info/?l=bugtraq&m=135542848327757&w=2 http://marc.info/?l=bugtraq&m=135758563611658&w=2 http://rhn.redhat.com/errata/RHSA-2012-1385.html http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://rhn.redhat.com/errata/RHSA-2012-1392.html http://rhn.redhat.com&#x •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2012-5376
https://notcve.org/view.php?id=CVE-2012-5376
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. La implementación de Inter-process Communication (IPC) en Google Chrome anteriores a v22.0.1229.94 permite a atacantes remotos evitar las restricciones del entorno de ejecución seguro "sandbox" establecidos y escribir en ficheros aprovechando el acceso a procesos de renderizado, es una vulnerabilidad distinta a CVE-2012-5112. • http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html http://code.google.com/p/chromium/issues/detail?id=154983 http://code.google.com/p/chromium/issues/detail?id=154987 http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html http://osvdb.org/86156 http://secunia.com/advisories/50954 https://exchange.xforce.ibmcloud.com/vulnerabilities/79186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 102EXPL: 0CVE-2012-3697
https://notcve.org/view.php?id=CVE-2012-3697
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://support.apple.com/kb/HT5400 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3084
https://notcve.org/view.php?id=CVE-2011-3084
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. Google Chrome anterior a v19.0.1084.46 no utiliza un proceso exclusivo para la carga de los enlaces que se encuentran en una página interna, permitiendo así que un atacante eluda las restricciones de la sandbox a través de una página diseñada. • http://code.google.com/p/chromium/issues/detail?id=113496 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00009.html http://security.gentoo.org/glsa/glsa-201205-03.xml http://www.securityfocus.com/bid/53540 http://www.securitytracker.com/id?1027067 https://exchange.xforce.ibmcloud.com/vulnerabilities/75589 https://oval.cisecurity. • CWE-264: Permissions, Privileges, and Access Controls •