CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18603
https://notcve.org/view.php?id=CVE-2018-18603
23 Oct 2018 — 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. • https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit •
CVSS: 7.4EPSS: 16%CPEs: 2EXPL: 2CVE-2018-8463 – Microsoft Edge - Sandbox Escape
https://notcve.org/view.php?id=CVE-2018-8463
13 Sep 2018 — Microsoft Edge suffers from a sandbox escape vulnerability. • https://packetstorm.news/files/id/149576 •
CVSS: 4.7EPSS: 5%CPEs: 15EXPL: 2CVE-2018-8468 – Microsoft Edge - Sandbox Escape
https://notcve.org/view.php?id=CVE-2018-8468
13 Sep 2018 — An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." ... Microsoft Edge suffers from a sandbox escape vulnerability. • https://packetstorm.news/files/id/149576 •
CVSS: 7.4EPSS: 16%CPEs: 7EXPL: 2CVE-2018-8469 – Microsoft Edge - Sandbox Escape
https://notcve.org/view.php?id=CVE-2018-8469
13 Sep 2018 — Microsoft Edge suffers from a sandbox escape vulnerability. • https://packetstorm.news/files/id/149576 •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16068 – chromium-browser: Out of bounds write in Mojo
https://notcve.org/view.php?id=CVE-2018-16068
09 Sep 2018 — Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/105215 • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 7%CPEs: 13EXPL: 0CVE-2018-8357
https://notcve.org/view.php?id=CVE-2018-8357
15 Aug 2018 — An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/105022 •
CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6152 – chromium-browser: Local file write in DevTools
https://notcve.org/view.php?id=CVE-2018-6152
27 Jul 2018 — The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. • http://www.securityfocus.com/bid/104887 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-6553 – AppArmor cupsd Sandbox Bypass Due to Use of Hard Links
https://notcve.org/view.php?id=CVE-2018-6553
11 Jul 2018 — The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. El perfil CUPS AppArmor confinó incorrectamente la puerta trasera dnssd debido al uso de enlaces físicos. Un atacante local podría empl... • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2018-8314
https://notcve.org/view.php?id=CVE-2018-8314
11 Jul 2018 — An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/104652 •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6127 – chromium-browser: Use after free in indexedDB
https://notcve.org/view.php?id=CVE-2018-6127
07 Jun 2018 — Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/104309 • CWE-416: Use After Free •