CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6560 – flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake
https://notcve.org/view.php?id=CVE-2018-6560
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. En dbus-proxy/flatpak-proxy.c en Flatpak en versiones anteriores a la 0.8.9, 0.9.x y 0.10.x anteriores a la 0.10.3, se pueden utilizar mensajes D-Bus manipulados para salir del sandbox, ya que la gestión de los espacios en blanco en el proxy no es idéntica a cómo gestiona el demonio los espacios en blanco. ... A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface. • https://access.redhat.com/errata/RHSA-2018:2766 https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6 https://github.com/flatpak/flatpak/releases/tag/0.10.3 https://github.com/flatpak/flatpak/releases/tag/0.8.9 https://access.redhat.com/security/cve/CVE-2018-6560 https://bugzilla.redhat.com/show_bug.cgi?id=1542207 • CWE-270: Privilege Context Switching Error CWE-436: Interpretation Conflict •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6055 – chromium-browser: Insufficient policy enforcement in Catalog Service
https://notcve.org/view.php?id=CVE-2018-6055
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. Aplicación de políticas insuficiente en Catalog Service en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una página HTML manipulada. Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service. • http://www.securityfocus.com/bid/105516 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/791003 https://access.redhat.com/security/cve/CVE-2018-6055 https://bugzilla.redhat.com/show_bug.cgi?id=1633393 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4091
https://notcve.org/view.php?id=CVE-2018-4091
The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism. ... El problema afecta al componente "Sandbox". Permite la omisión de un mecanismo de protección de sandbox. • http://www.securityfocus.com/bid/102785 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208465 •
CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 0CVE-2017-1000483
https://notcve.org/view.php?id=CVE-2017-1000483
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. Acceso a contenido privado mediante str.format plantillas y scripts a través de la web en Plone 2.5-5.1rc1. Esto mejora un hotfix anterior. • https://plone.org/security/hotfix/20171128/sandbox-escape •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10702
https://notcve.org/view.php?id=CVE-2016-10702
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Los dispositivos Pebble Smartwatch hasta la versión 4.3 gestionan el almacenamiento UUID de manera incorrecta. Esto permite que atacantes lean el almacenamiento flash de una aplicación arbitraria y accedan a la instancia JavaScript de una aplicación arbitraria modificando un valor UUID en la cabecera de un binario de aplicación manipulado. • https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •