CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6127 – chromium-browser: Use after free in indexedDB
https://notcve.org/view.php?id=CVE-2018-6127
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/842990 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6127 https://bugzilla.redhat.com/show_bug.cgi?id=1584037 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8112 – Microsoft Edge XML File Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-8112
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. Existe una vulnerabilidad de omisión de la característica de seguridad cuando Microsoft Edge gestiona de manera incorrecta las peticiones de diferentes orígenes. Esto también se conoce como "Microsoft Edge Security Feature Bypass Vulnerability". Esto afecta a Microsoft Edge. • http://www.securityfocus.com/bid/103963 http://www.securitytracker.com/id/1040844 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112 • CWE-346: Origin Validation Error •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103798 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2826 – Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2826
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103796 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2825 – Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2825
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103782 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •