Page 59 of 369 results (0.139 seconds)

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241. Existe una vulnerabilidad de elevación de privilegios en Microsoft Edge que podría permitir a un atacante escapar de la caja de seguridad de AppContainer en el navegador, también conocida como "Vulnerabilidad de elevación de privilegios de borde de Microsoft". Este CVE ID es exclusivo de CVE-2017-0241. This vulnerability allows remote attackers to escape the AppContainer sandbox on vulnerable installations of Microsoft Edge. • http://www.securityfocus.com/bid/98179 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0233 •

CVSS: 7.6EPSS: 15%CPEs: 2EXPL: 0

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222. Existe una vulnerabilidad de ejecución remota de código cuando Internet Explorer accede incorrectamente a objetos en la memoria, también conocido como "Vulnerabilidad de corrupción de memoria de Internet Explorer". Este CVE ID es exclusivo de CVE-2017-0222. This vulnerability allows remote attackers to escape the Enhanced Protected Mode (EPM) sandbox on vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/98139 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox para emplear el picker de archivos para acceder a diferentes archivos que los seleccionados en el picker mediante el uso de rutas relativas. Esto permite acceso de solo lectura en el sistema de archivos local. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1349276 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://www.mozilla.org/security/advisories/mfsa2017-13 https://access.redhat.com/security/cve/CVE-2017-5454 https://bugzilla.redhat.com/sho • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 1

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox mediante el constructor de peticiones al sistema de archivos mediante un mensaje IPC. Esto permite acceso de lectura y escritura al sistema de archivos local. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://bugzilla.mozilla.org/show_bug.cgi?id=1344415 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://access.redhat.com/security/cve/CVE-2017-5456 https://bugzilla.redhat.com/show_bug.cgi?id=1443297 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 1

The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://bugzilla.mozilla.org/show_bug.cgi?id=1341191 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://access.redhat.com/security/cve/CVE-2017-5455 https://bugzilla.redhat.com/show_bug.cgi?id=1443334 •