CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6977 – Apple macOS speechsynthesisd Unsigned Dylib Loading Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-6977
It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. ... Permite a los atacantes conducir ataques de escape del sandbox o causar una denegación de servicio (corrupción de memoria) por medio de una aplicación diseñada. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2534 – Apple macOS speechsynthesisd Unsigned Dylib Loading Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-2534
It allows attackers to conduct sandbox-escape attacks via a crafted app. ... Permite a los atacantes conducir ataques de escape del sandbox por medio de una aplicación diseñada. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0233 – Microsoft Edge WriteClassesOfCategory DLL Planting Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2017-0233
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." ... This vulnerability allows remote attackers to escape the AppContainer sandbox on vulnerable installations of Microsoft Edge. • http://www.securityfocus.com/bid/98179 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0233 •
CVSS: 7.6EPSS: 15%CPEs: 2EXPL: 0CVE-2017-0226 – Microsoft Internet Explorer Enhanced Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2017-0226
This vulnerability allows remote attackers to escape the Enhanced Protected Mode (EPM) sandbox on vulnerable installations of Microsoft Internet Explorer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists due to the EPM sandbox allowing low-privileged code to perform various operations, such as modifying certain low-integrity parts of the file system and calling specific APIs. • http://www.securityfocus.com/bid/98139 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2017-5454 – Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5454
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. ... Mecanismo para omitir las protecciones de acceso al sistema de archivos en el sandbox para emplear el picker de archivos para acceder a diferentes archivos que los seleccionados en el picker mediante el uso de rutas relativas. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1349276 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://www.mozilla.org/security/advisories/mfsa2017-13 https://access.redhat.com/security/cve/CVE-2017-5454 https://bugzilla.redhat.com/sho • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •