CVE-2018-8112 – Microsoft Edge XML File Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-8112
This vulnerability allows local attackers to escape the sandbox on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists due to the fact that various operations can be triggered from within the Microsoft Edge sandbox. • http://www.securityfocus.com/bid/103963 http://www.securitytracker.com/id/1040844 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112 • CWE-346: Origin Validation Error •
CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan código que no es de confianza (por ejemplo, código proveniente de internet) y que confían en la sandbox de aislado Java para protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103798 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ •
CVE-2018-2825 – Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2825
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan código que no es de confianza (por ejemplo, código proveniente de internet) y que confían en la sandbox de aislado Java para protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103782 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •
CVE-2018-2826 – Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2826
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan código que no es de confianza (por ejemplo, código proveniente de internet) y que confían en la sandbox de aislado Java para protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103796 http://www.securitytracker.com/id/1040697 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180419-0001 https://usn.ubuntu.com/3747-1 •
CVE-2018-5129 – Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07)
https://notcve.org/view.php?id=CVE-2018-5129
This can potentially allow for sandbox escape through memory corruption in the parent process. ... Esto puede permitir un escape de sandbox mediante la corrupción de memoria en el proceso padre. • http://www.securityfocus.com/bid/103388 http://www.securitytracker.com/id/1040514 https://access.redhat.com/errata/RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0648 https://bugzilla.mozilla.org/show_bug.cgi?id=1428947 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html https://securi • CWE-787: Out-of-bounds Write •