
CVSS: 7.4 • EPSS: 0% • CPEs: 16 • EXPL: 1

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing a URL redirect. ... The issue lies in the failure to properly apply sandbox rules when following a URL redirect. • http://www.securityfocus.com/bid/100191 http://www.securitytracker.com/id/1039088 http://www.zerodayinitiative.com/advisories/ZDI-17-634 https://access.redhat.com/errata/RHSA-2017:2457 https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak https://helpx.adobe.com/security/products/flash-player/apsb17-23.html https://security.gentoo.org/glsa/201709-16 https://access.redhat.com/security/cve/CVE-2017-3085 https://bugzilla.redhat.com/show&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8 • EPSS: 1% • CPEs: 3 • EXPL: 0

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/733549 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5092 https://bugzilla.redhat.com/show_bug.cgi?id=1475194 • CWE-20: Improper Input Validation CWE-416: Use After Free •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. • https://security.gerhardt.link/RCE-in-Factorio •

CVSS: 8.8 • EPSS: 2% • CPEs: 4 • EXPL: 1

Allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted application. macOS and iOS sandbox escapes and privilege escalation vulnerabilities exist due to unexpected shared memory-backed xpc_data objects. • https://www.exploit-db.com/exploits/42407 http://www.securityfocus.com/bid/99883 http://www.securitytracker.com/id/1038950 https://support.apple.com/HT207922 https://support.apple.com/HT207923 https://support.apple.com/HT207924 https://support.apple.com/HT207925 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.1 • EPSS: 0% • CPEs: 46 • EXPL: 0

Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified components without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. ... An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. • http://www.debian.org/security/2017/dsa-3919 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99752 http://www.securitytracker.com/id/1038931 https://access.redhat.com/errata/RHSA-2017:1789 https://access.redhat.com/errata/RHSA-2017:1790 https://access.redhat.com/errata/RHSA-2017:2469 https://access.redhat.com/errata/RHSA-2017:3453 https://cert.vde.com/en-us/advisories/vde-2017-002 https://security.gentoo.org/g •