CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12336
https://notcve.org/view.php?id=CVE-2017-12336
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. ... An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. ... Una vulnerabilidad en el subsistema de scripting TCL de Cisco NX-OS System Software podría permitir que un atacante local autenticado escape el shell TCL interactivo y obtenga acceso no autorizado al sistema operativo subyacente del dispositivo. ... Un atacante podría explotar esta vulnerabilidad para escapar la sandbox de scripting y ejecutar comandos arbitrarios en el sistema operativo en el que se ejecuta con los privilegios del usuario autenticado. • http://www.securityfocus.com/bid/102168 http://www.securitytracker.com/id/1039936 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10702
https://notcve.org/view.php?id=CVE-2016-10702
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Los dispositivos Pebble Smartwatch hasta la versión 4.3 gestionan el almacenamiento UUID de manera incorrecta. Esto permite que atacantes lean el almacenamiento flash de una aplicación arbitraria y accedan a la instancia JavaScript de una aplicación arbitraria modificando un valor UUID en la cabecera de un binario de aplicación manipulado. • https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 0CVE-2017-12301
https://notcve.org/view.php?id=CVE-2017-12301
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. ... Una vulnerabilidad en el subsistema de scripting en Python del software Cisco NX-OS podría permitir que un atacante local sin autenticar escape el analizador Python y obtenga acceso no autorizado al sistema operativo del dispositivo. La vulnerabilidad existe debido a la sanitización insuficiente de parámetros proporcionados por el usuario que se pasan a ciertas funciones Python en la sandbox de scripting del dispositivo afectado. • http://www.securitytracker.com/id/1039622 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 16EXPL: 1CVE-2017-3085 – Adobe Flash URL Redirect Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-3085
The issue lies in the failure to properly apply sandbox rules when following a URL redirect. • http://www.securityfocus.com/bid/100191 http://www.securitytracker.com/id/1039088 http://www.zerodayinitiative.com/advisories/ZDI-17-634 https://access.redhat.com/errata/RHSA-2017:2457 https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak https://helpx.adobe.com/security/products/flash-player/apsb17-23.html https://security.gentoo.org/glsa/201709-16 https://access.redhat.com/security/cve/CVE-2017-3085 https://bugzilla.redhat.com/show_bug& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-8503 – Microsoft Edge XAML File Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8503
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". ... Microsoft Edge en Microsoft Windows 10 1511, 1607, 1703, y Windows Server 2016 permite que un atacante escape de la sandbox AppContainer. • http://www.securityfocus.com/bid/99395 http://www.securitytracker.com/id/1039101 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503 •