Page 54 of 369 results (0.087 seconds)

CVSS: 8.3EPSS: 0%CPEs: 13EXPL: 0

An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/105022 http://www.securitytracker.com/id/1041457 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8357 •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/805445 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6152 https://bugzilla.redhat.com/show_bug.cgi?id=1608208 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. El perfil CUPS AppArmor confinó incorrectamente la puerta trasera dnssd debido al uso de enlaces físicos. Un atacante local podría emplear este problema para escapar del confinamiento. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://usn.ubuntu.com/usn/usn-3713-1 https://www.debian.org/security/2018/dsa-4243 •

CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0

An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/104652 http://www.securitytracker.com/id/1041263 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314 •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/842990 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6127 https://bugzilla.redhat.com/show_bug.cgi?id=1584037 • CWE-416: Use After Free •