CVE-2017-3080 – Adobe Flash BrokerCreateFile Broker Method Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-3080
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. ... This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Adobe Flash Player and disclose file contents. • http://www.securityfocus.com/bid/99519 http://www.securitytracker.com/id/1038845 https://access.redhat.com/errata/RHSA-2017:1731 https://helpx.adobe.com/security/products/flash-player/apsb17-21.html https://security.gentoo.org/glsa/201707-15 https://access.redhat.com/security/cve/CVE-2017-3080 https://bugzilla.redhat.com/show_bug.cgi?id=1469763 •
CVE-2017-5087 – chromium-browser: sandbox escape in indexeddb
https://notcve.org/view.php?id=CVE-2017-5087
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. ... Esto también se conoce como escape de espacio aislado o sandbox IndexedDB. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99096 http://www.securitytracker.com/id/1038765 https://access.redhat.com/errata/RHSA-2017:1495 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html https://crbug.com/725032 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5087 https://bugzilla.redhat.com/show_bug.cgi?id=1462148 • CWE-416: Use After Free •
CVE-2017-6986
https://notcve.org/view.php?id=CVE-2017-6986
It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2512
https://notcve.org/view.php?id=CVE-2017-2512
The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. ... El problema involucra al componente "Sandbox". Permite a los atacantes conducir ataques de escape del sandbox o causar una denegación de servicio (corrupción de memoria) por medio de una aplicación diseñada. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2535 – Apple macOS authd Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-2535
It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app. ... Permite a los atacantes conducir ataques de escape del sandbox o causar una denegación de servicio (consumo de recursos) por medio de una aplicación especialmente diseñada. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •