CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-5180 – Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape
https://notcve.org/view.php?id=CVE-2017-5180
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. Firejail en versiones anteriores a 0.9.44.4 y 0.9.38.x LTS en versiones anteriores a 0.9.38.8 LTS no considera el caso .Xauthority durante su intento para impedir el acceso a los archivos de usuario con un euid de cero, lo que permite a usuarios locales llevar a cabo ataques de sybox-escape a través de vectores que implican un enlace simbólico y la opción --private. • https://www.exploit-db.com/exploits/43359 http://openwall.com/lists/oss-security/2017/01/04/2 http://www.securityfocus.com/bid/95298 https://firejail.wordpress.com/download-2/release-notes https://security.gentoo.org/glsa/201701-62 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9073
https://notcve.org/view.php?id=CVE-2016-9073
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. ... WebExtensions puede omitir las comprobaciones de seguridad para cargar URL privilegiadas y escapar del sandbox de WebExtension. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1289273 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. • http://rhn.redhat.com/errata/RHSA-2016-2702.html http://rhn.redhat.com/errata/RHSA-2017-0535.html http://rhn.redhat.com/errata/RHSA-2017-0536.html http://www.openwall.com/lists/oss-security/2016/09/25/1 http://www.securityfocus.com/bid/93156 http://www.securitytracker.com/id/1037283 https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF https:& • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 1CVE-2016-4271 – flash-plugin: multiple code execution issues fixed in APSB16-29
https://notcve.org/view.php?id=CVE-2016-4271
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue. Adobe Flash Player en versiones anteriores a 18.0.0.375 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.162 en Windows y SO X y en versiones anteriores a 11.2.202.635 en Linux permite a atacantes eludir restricciones destinadas al acceso y obtener información sensible a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4277 y CVE-2016-4278, vulnerabilidad también conocida como un problema "local-with-filesystem Flash sandbox bypass". • http://lab.truel.it/flash-sandbox-bypass http://rhn.redhat.com/errata/RHSA-2016-1865.html http://www.securitytracker.com/id/1036791 https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak https://helpx.adobe.com/security/products/flash-player/apsb16-29.html https://security.gentoo.org/glsa/201610-10 https://access.redhat.com/security/cve/CVE-2016-4271 https://bugzilla.redhat.com/show_bug.cgi? •
CVSS: 6.9EPSS: 1%CPEs: 2EXPL: 0CVE-2016-3292 – Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-3292
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 no maneja adecuadamente ajustes de integridad y de zona, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Elevation of Privilege Vulnerability". This vulnerability allows attackers to escape from the Enhanced Protected Mode sandbox on vulnerable installations of Microsoft Internet Explorer. ... An attacker who has gained code execution within the Internet Explorer Enhanced Protected Mode sandbox can leverage this component to place a malicious HTML file in a predictable location at medium integrity. • http://www.securityfocus.com/bid/92808 http://www.securitytracker.com/id/1036788 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 • CWE-20: Improper Input Validation •