CVSS: 4.4EPSS: 1%CPEs: 1EXPL: 0CVE-2018-8112 – Microsoft Edge XML File Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-8112
09 May 2018 — A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. Existe una vulnerabilidad de omisión de la característica de seguridad cuando Microsoft Edge gestiona de manera incorrecta las peticiones de diferentes orígenes. Esto también se conoce como "Microsoft Edge Security Feature Bypass Vulnerability". Esto afecta a Microsoft Edge. • http://www.securityfocus.com/bid/103963 • CWE-346: Origin Validation Error •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
19 Apr 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may si... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2825 – Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2825
18 Apr 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeo... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 8.3EPSS: 3%CPEs: 25EXPL: 0CVE-2018-2826 – Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2826
18 Apr 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeo... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 0CVE-2018-5125 – Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5125
14 Mar 2018 — If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. • http://www.securityfocus.com/bid/103388 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2018-5126 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5126
14 Mar 2018 — If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. • http://www.securityfocus.com/bid/103386 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 19%CPEs: 18EXPL: 0CVE-2018-5127 – Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5127
14 Mar 2018 — If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. • http://www.securityfocus.com/bid/103388 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2018-5128 – Ubuntu Security Notice USN-3596-2
https://notcve.org/view.php?id=CVE-2018-5128
14 Mar 2018 — If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. • http://www.securityfocus.com/bid/103386 • CWE-416: Use After Free •
CVSS: 8.6EPSS: 2%CPEs: 18EXPL: 0CVE-2018-5129 – Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5129
14 Mar 2018 — This can potentially allow for sandbox escape through memory corruption in the parent process. ... If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. • http://www.securityfocus.com/bid/103388 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 17EXPL: 0CVE-2018-5130 – Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5130
14 Mar 2018 — If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. • http://www.securityfocus.com/bid/103388 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •