CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6127 – chromium-browser: Use after free in indexedDB
https://notcve.org/view.php?id=CVE-2018-6127
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/842990 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6127 https://bugzilla.redhat.com/show_bug.cgi?id=1584037 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4229
https://notcve.org/view.php?id=CVE-2018-4229
It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists. ... Permite que atacantes omitan un mecanismo de protección de sandbox aprovechando el error de análisis de plists de derechos. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208849 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4184
https://notcve.org/view.php?id=CVE-2018-4184
It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. ... Permite que atacantes omitan un mecanismo de protección del sandbox para obtener acceso al micrófono. • http://www.securitytracker.com/id/1041027 https://support.apple.com/HT208849 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8112 – Microsoft Edge XML File Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-8112
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." ... Esto también se conoce como "Microsoft Edge Security Feature Bypass Vulnerability". ... This vulnerability allows local attackers to escape the sandbox on vulnerable installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists due to the fact that various operations can be triggered from within the Microsoft Edge sandbox. • http://www.securityfocus.com/bid/103963 http://www.securitytracker.com/id/1040844 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112 • CWE-346: Origin Validation Error •
CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan código que no es de confianza (por ejemplo, código proveniente de internet) y que confían en la sandbox de aislado Java para protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103798 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ •