Page 61 of 369 results (0.017 seconds)

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl

https://notcve.org/view.php?id=CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. • http://rhn.redhat.com/errata/RHSA-2016-2702.html http://rhn.redhat.com/errata/RHSA-2017-0535.html http://rhn.redhat.com/errata/RHSA-2017-0536.html http://www.openwall.com/lists/oss-security/2016/09/25/1 http://www.securityfocus.com/bid/93156 http://www.securitytracker.com/id/1037283 https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF https:& • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 1

CVE-2016-4271 – flash-plugin: multiple code execution issues fixed in APSB16-29

https://notcve.org/view.php?id=CVE-2016-4271

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue. Adobe Flash Player en versiones anteriores a 18.0.0.375 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.162 en Windows y SO X y en versiones anteriores a 11.2.202.635 en Linux permite a atacantes eludir restricciones destinadas al acceso y obtener información sensible a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4277 y CVE-2016-4278, vulnerabilidad también conocida como un problema "local-with-filesystem Flash sandbox bypass". • http://lab.truel.it/flash-sandbox-bypass http://rhn.redhat.com/errata/RHSA-2016-1865.html http://www.securitytracker.com/id/1036791 https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak https://helpx.adobe.com/security/products/flash-player/apsb16-29.html https://security.gentoo.org/glsa/201610-10 https://access.redhat.com/security/cve/CVE-2016-4271 https://bugzilla.redhat.com/show_bug.cgi? •

CVSS: 6.9EPSS: 1%CPEs: 2EXPL: 0

CVE-2016-3292 – Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2016-3292

Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 no maneja adecuadamente ajustes de integridad y de zona, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Elevation of Privilege Vulnerability". This vulnerability allows attackers to escape from the Enhanced Protected Mode sandbox on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the Internet Explorer Add-on Installer component. An attacker who has gained code execution within the Internet Explorer Enhanced Protected Mode sandbox can leverage this component to place a malicious HTML file in a predictable location at medium integrity. • http://www.securityfocus.com/bid/92808 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 2%CPEs: 8EXPL: 0

CVE-2016-2837 – Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Desbordamiento de búfer basado en memoria dinámica en el ClearKey Content Decryption Module (CDM) en el Encrypted Media Extensions (EME) API en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 podría permitir a atacantes remotos ejecutar código arbitrario proporcionando un vídeo malformado y aprovechando un Gecko Media Plugin (GMP) sandbox bypass. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-77.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1706 – chromium-browser: sandbox escape in ppapi

https://notcve.org/view.php?id=CVE-2016-1706

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. La implementación PPAPI en Google Chrome en versiones anteriores a 52.0.2743.82 no valida el origen de los mensajes IPC para el plugin del proceso broker que debería haber llegado desde el proceso navegador, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox a través de un tipo de mensaje inesperado, relacionado con broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc y render_frame_message_filter.cc. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securitytracker.com • CWE-20: Improper Input Validation •