CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-12365 – Mozilla: Compromised IPC child process can list local filenames
https://notcve.org/view.php?id=CVE-2018-12365
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. ... Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacción del usuario. • http://www.securityfocus.com/bid/104560 http://www.securitytracker.com/id/1041193 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1459206 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://securi • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2018-11229 – Crestron Multiple Products CTP Console LAUNCH Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-11229
An attacker can leverage this vulnerability to escape the CTP console's sandbox environment to execute commands with elevated privileges. • http://www.securityfocus.com/bid/105051 https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6127 – chromium-browser: Use after free in indexedDB
https://notcve.org/view.php?id=CVE-2018-6127
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/842990 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6127 https://bugzilla.redhat.com/show_bug.cgi?id=1584037 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8112 – Microsoft Edge XML File Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-8112
This vulnerability allows local attackers to escape the sandbox on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists due to the fact that various operations can be triggered from within the Microsoft Edge sandbox. • http://www.securityfocus.com/bid/103963 http://www.securitytracker.com/id/1040844 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112 • CWE-346: Origin Validation Error •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan código que no es de confianza (por ejemplo, código proveniente de internet) y que confían en la sandbox de aislado Java para protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103798 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ •