CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 1CVE-2017-5455 – Mozilla: Sandbox escape through internal feed reader APIs (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5455
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://bugzilla.mozilla.org/show_bug.cgi?id=1341191 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://access.redhat.com/security/cve/CVE-2017-5455 https://bugzilla.redhat.com/show_bug.cgi?id=1443334 •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2017-5524
https://notcve.org/view.php?id=CVE-2017-5524
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. Plone 4.x en veriones hasta 4.3.11 y 5.x en versiones hasta 5.0.6 permiten atacantes remotos evitar un mecanismo de protección sandbox y obtener información sensible aprovechando el método de formato de cadenas Python. • http://www.openwall.com/lists/oss-security/2017/01/18/6 http://www.securityfocus.com/bid/95679 https://plone.org/security/hotfix/20170117/sandbox-escape • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6903
https://notcve.org/view.php?id=CVE-2017-6903
Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape. • http://www.debian.org/security/2017/dsa-3812 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857699 https://github.com/JACoders/OpenJK/commit/8956a35e7b91c4a0dd1fa6db1d28c7f0efbab2d7 https://github.com/ioquake/ioq3/commit/376267d534476a875d8b9228149c4ee18b74a4fd https://github.com/ioquake/ioq3/commit/b173ac05993f634a42be3d3535e1b158de0c3372 https://github.com/ioquake/ioq3/commit/f61fe5f6a0419ef4a88d46a128052f2e8352e85d https://github.com/iortcw/iortcw/commit/11a83410153756ae350a82ed41b08d128ff7f998 https://github.com/iortcw/iortcw/commit/b248763e4 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4617
https://notcve.org/view.php?id=CVE-2016-4617
The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. • http://www.securityfocus.com/bid/96329 https://support.apple.com/HT207170 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5940
https://notcve.org/view.php?id=CVE-2017-5940
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. • http://www.openwall.com/lists/oss-security/2017/01/31/16 http://www.securityfocus.com/bid/96221 https://firejail.wordpress.com/download-2/release-notes https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 https://security.gentoo.org/glsa/201702-03 • CWE-269: Improper Privilege Management •