CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1629 – chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
https://notcve.org/view.php?id=CVE-2016-1629
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 48.0.2564.116 permite a atacantes remotos eludir la Blink Same Origin Policy y el mecanismo de protección sandbox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0286.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83302 http://www.securitytracker.com/id/1035184 http://www. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0020 – Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-0020
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 no maneja adecuadamente la carga de DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "MAPI DLL Loading Elevation of Privilege Vulnerability". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IShdocvwBroker::NewMessage API. Calling this API causes the broker process to load a DLL from a potentially unsafe location. • http://www.securitytracker.com/id/1034661 http://www.zerodayinitiative.com/advisories/ZDI-16-018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7003 – OS X Coreaudiod Calls Uninitialized Function Pointer
https://notcve.org/view.php?id=CVE-2015-7003
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. coreaudiod en Audio en Apple OS X en versiones anteriores a 10.11.1 no inicializa una estructura de datos sin especificar, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. com.apple.audio.coreaudiod is reachable from various sandboxes including the Safari renderer. coreaudiod is sandboxed and runs as its own user, nevertheless it has access to various other interesting attack surfaces which safari doesn't, allowing this bug to potentially form part of a full sandbox escape chain. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 2%CPEs: 2EXPL: 0CVE-2015-6051 – Microsoft Internet Explorer ShowSaveFileDialog Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-6051
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos obtener privilegios a través de un sitio web manipulado, según lo demostrado por una transición desde Low Integrity hasta Medium Integrity, también conocida como 'Internet Explorer Elevation of Privilege Vulnerability'. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the CProtectedModeAPI::ShowSaveFileDialog API. An attacker can leverage this API to set the current working directory and allow for DLL planting. • http://www.securityfocus.com/bid/76991 http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-545 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 •
CVSS: 6.9EPSS: 8%CPEs: 4EXPL: 0CVE-2015-6047 – Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-6047
This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer. • http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-522 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-264: Permissions, Privileges, and Access Controls •