CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0432 – Oracle Java permuteArguments Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0432
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8, y Java SE Embedded 7u51, que permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías, una vulnerabilidad diferente a CVE-2014-0455 y CVE-2014-2402. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of permuteArguments. With the usage of this method, it is possible to disable the security manager and run code as privileged. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66897 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/security/cve/CVE-2014-0432 https://bugzilla.redhat.com/show_bug.cgi?id=1088023 •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1297
https://notcve.org/view.php?id=CVE-2014-1297
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. WebKit, utilizado en Apple Safari anterior a 6.1.3 y 7.x anterior a 7.0.3, no valida debidamente mensajes IPC de WebProcess, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox y leer archivos arbitrarios mediante el aprovechamiento de acceso a WebProcess. • http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 33%CPEs: 2EXPL: 0CVE-2014-0506 – Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0506
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Una vulnerabilidad de uso de la memoria previamente liberada en Adobe Flash Player anteriores a versión 11.7.700.275 y versiones 11.8.x hasta 13.0.x anteriores a 13.0.0.182 en Windows y OS X y anteriores a versión 11.2.202.350 en Linux, Adobe AIR anteriores a versión 13.0.0.83 en Android, Adobe AIR SDK anteriores a versión 13.0.0.83, y Adobe AIR SDK & Compiler anteriores a versión 13.0.0.83, permite a los atacantes remotos ejecutar código arbitrario, y posiblemente omitir un mecanismo de protección del sandbox de Internet Explorer, por medio de vectores no especificados, como es demostrado por VUPEN durante una competencia de Pwn2Own en CanSecWest 2014. • http://helpx.adobe.com/security/products/flash-player/apsb14-09.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2014-0380.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://twitter.com/thezdi/statuses/443886338077495296 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day& • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-0512 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0512
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Adobe Reader 11.0.06 permite a atacantes evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. ... An attacker can leverage this to execute code outside the context of the sandbox. • http://helpx.adobe.com/security/products/reader/apsb14-15.html http://twitter.com/thezdi/statuses/443827076580122624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 59%CPEs: 1EXPL: 0CVE-2014-0510 – Adobe Flash Display Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0510
Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player 12.0.0.77 permite a atacantes remotos ejecutar código arbitrario y evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por Zeguang Zhao y Liang Chen durante una competición Pwn2Own en CanSecWest 2014. • http://helpx.adobe.com/security/products/flash-player/apsb14-14.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2014-0496.html http://security.gentoo.org/glsa/glsa-201406-08.xml http://twitter.com/thezdi/statuses/444262022444621824 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two http://www.securityfocus.com/bid/66241 https://access.redhat.com/security/cve/CVE-2014-0510 https://bugzilla.redhat.com/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •