CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 0CVE-2017-1000483
https://notcve.org/view.php?id=CVE-2017-1000483
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. Acceso a contenido privado mediante str.format plantillas y scripts a través de la web en Plone 2.5-5.1rc1. Esto mejora un hotfix anterior. • https://plone.org/security/hotfix/20171128/sandbox-escape •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10702
https://notcve.org/view.php?id=CVE-2016-10702
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Los dispositivos Pebble Smartwatch hasta la versión 4.3 gestionan el almacenamiento UUID de manera incorrecta. Esto permite que atacantes lean el almacenamiento flash de una aplicación arbitraria y accedan a la instancia JavaScript de una aplicación arbitraria modificando un valor UUID en la cabecera de un binario de aplicación manipulado. • https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 16EXPL: 1CVE-2017-3085 – Adobe Flash URL Redirect Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-3085
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. ... The issue lies in the failure to properly apply sandbox rules when following a URL redirect. • http://www.securityfocus.com/bid/100191 http://www.securitytracker.com/id/1039088 http://www.zerodayinitiative.com/advisories/ZDI-17-634 https://access.redhat.com/errata/RHSA-2017:2457 https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak https://helpx.adobe.com/security/products/flash-player/apsb17-23.html https://security.gentoo.org/glsa/201709-16 https://access.redhat.com/security/cve/CVE-2017-3085 https://bugzilla.redhat.com/show&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-5092 – chromium-browser: use after free in ppapi
https://notcve.org/view.php?id=CVE-2017-5092
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Validación insuficiente de entradas no fiables en PPAPI Plugins en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Windows, permitía que un atacante remoto pudiese realizar un escape de espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/733549 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5092 https://bugzilla.redhat.com/show_bug.cgi?id=1475194 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11615
https://notcve.org/view.php?id=CVE-2017-11615
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. Un escape del sandbox en Lua Interface en Wube Factorio anterior a la versión 0.15.31, permite a los servidores de juegos remotos o atacantes asistidos por el usuario ejecutar código C arbitrario incluyendo y cargando una biblioteca C. • https://security.gerhardt.link/RCE-in-Factorio •