CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4617
https://notcve.org/view.php?id=CVE-2016-4617
The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. ... El problema involucra una fuga de sandbox relacionada con la generación de procesos launchctl en el componente "libxpc". • http://www.securityfocus.com/bid/96329 https://support.apple.com/HT207170 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5940
https://notcve.org/view.php?id=CVE-2017-5940
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. • http://www.openwall.com/lists/oss-security/2017/01/31/16 http://www.securityfocus.com/bid/96221 https://firejail.wordpress.com/download-2/release-notes https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 https://security.gentoo.org/glsa/201702-03 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-3102
https://notcve.org/view.php?id=CVE-2016-3102
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. El plugin Script Security en versiones anteriores a 1.18.1 en Jenkins podría permitir a atacantes remotos eludir el mecanismo de protección sandbox de Groovy a través del plugin que realiza (1) acceso directo al campo o (2) operaciones de array get/set. • https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5180 – Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape
https://notcve.org/view.php?id=CVE-2017-5180
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. • https://www.exploit-db.com/exploits/43359 http://openwall.com/lists/oss-security/2017/01/04/2 http://www.securityfocus.com/bid/95298 https://firejail.wordpress.com/download-2/release-notes https://security.gentoo.org/glsa/201701-62 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. • http://rhn.redhat.com/errata/RHSA-2016-2702.html http://rhn.redhat.com/errata/RHSA-2017-0535.html http://rhn.redhat.com/errata/RHSA-2017-0536.html http://www.openwall.com/lists/oss-security/2016/09/25/1 http://www.securityfocus.com/bid/93156 http://www.securitytracker.com/id/1037283 https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF https:& • CWE-284: Improper Access Control •