CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 1CVE-2017-5456 – Mozilla: Sandbox escape allowing local file system read access (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5456
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. ... Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox mediante el constructor de peticiones al sistema de archivos mediante un mensaje IPC. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://bugzilla.mozilla.org/show_bug.cgi?id=1344415 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://access.redhat.com/security/cve/CVE-2017-5456 https://bugzilla.redhat.com/show_bug.cgi?id=1443297 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2017-5524
https://notcve.org/view.php?id=CVE-2017-5524
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. Plone 4.x en veriones hasta 4.3.11 y 5.x en versiones hasta 5.0.6 permiten atacantes remotos evitar un mecanismo de protección sandbox y obtener información sensible aprovechando el método de formato de cadenas Python. • http://www.openwall.com/lists/oss-security/2017/01/18/6 http://www.securityfocus.com/bid/95679 https://plone.org/security/hotfix/20170117/sandbox-escape • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8986
https://notcve.org/view.php?id=CVE-2015-8986
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. Vulnerabilidad de evasión de detección Sandbox en dispositivos hardware en McAfee (ahora Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 y versiones anteriores permite a atacantes detectar el entorno de la caja de seguridad, y entonces eludir la adecuada detección de malware, lo que resulta en el fallo de detección de un archivo malware (falsos negativos) a través de malware especialmente manipulado. • https://kc.mcafee.com/corporate/index?page=content&id=SB10096 • CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6903
https://notcve.org/view.php?id=CVE-2017-6903
Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape. ... Bytecode ejecutable en un archivo autodescargado malicioso puede configurar variables de configuración a valores que resultarán en la carga de DLLs de código nativo no deseadas, resultando en sandbox de escape. • http://www.debian.org/security/2017/dsa-3812 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857699 https://github.com/JACoders/OpenJK/commit/8956a35e7b91c4a0dd1fa6db1d28c7f0efbab2d7 https://github.com/ioquake/ioq3/commit/376267d534476a875d8b9228149c4ee18b74a4fd https://github.com/ioquake/ioq3/commit/b173ac05993f634a42be3d3535e1b158de0c3372 https://github.com/ioquake/ioq3/commit/f61fe5f6a0419ef4a88d46a128052f2e8352e85d https://github.com/iortcw/iortcw/commit/11a83410153756ae350a82ed41b08d128ff7f998 https://github.com/iortcw/iortcw/commit/b248763e4 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-7630 – Apple iOS legacy-diagnostics Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-7630
The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. ... The issue lies in the launching of a diagnostic application that is able to render webpages outside of the sandbox. An attacker can leverage this vulnerability to escalate privileges outside the context of the sandbox. • https://support.apple.com/HT207422 • CWE-254: 7PK - Security Features •