CVE-2017-5123 – Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-5123
Insufficient data validation in waitid allowed a user to escape sandboxes on Linux.
References:
https://www.exploit-db.com/exploits/43127
https://www.exploit-db.com/exploits/43029
https://github.com/c3r34lk1ll3r/CVE-2017-5123
https://github.com/0x5068656e6f6c/CVE-2017-5123
https://github.com/FloatingGuy/CVE-2017-5123
https://github.com/teawater/CVE-2017-5123
https://github.com/h1bAna/CVE-2017-5123
https://crbug.com/772848
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51
https://security.netapp.com/adviso
CWE-20: Improper Input Validation
CVE-2017-12301
https://notcve.org/view.php?id=CVE-2017-12301
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. ...
References:
http://www.securitytracker.com/id/1039622
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe
CWE-20: Improper Input Validation
CVE-2017-5121 – chromium-browser: out-of-bounds access in v8
https://notcve.org/view.php?id=CVE-2017-5121
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
References:
http://www.debian.org/security/2017/dsa-3985
http://www.securityfocus.com/bid/100947
http://www.securitytracker.com/id/1039497
https://access.redhat.com/errata/RHSA-2017:2792
https://blogs.technet.microsoft.com/mmpc/2017/10/18/browser-security-beyond-sandboxing
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html
https://crbug.com/765433
https://security.gentoo.org/glsa/201709-25
https://access.redhat.com/security/cve/CVE-2017-5121
https:
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3085 – Adobe Flash URL Redirect Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-3085
The issue lies in the failure to properly apply sandbox rules when following a URL redirect.
References:
http://www.securityfocus.com/bid/100191
http://www.securitytracker.com/id/1039088
http://www.zerodayinitiative.com/advisories/ZDI-17-634
https://access.redhat.com/errata/RHSA-2017:2457
https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
https://security.gentoo.org/glsa/201709-16
https://access.redhat.com/security/cve/CVE-2017-3085
https://bugzilla.redhat.com/show_bug&
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-8503 – Microsoft Edge XAML File Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8503
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". ...
References:
http://www.securityfocus.com/bid/99395
http://www.securitytracker.com/id/1039101
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503