CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11114
https://notcve.org/view.php?id=CVE-2024-11114
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/370856871 •
CVSS: 1.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-51481 – Nix allows macOS sandbox escape via built-in builders
https://notcve.org/view.php?id=CVE-2024-51481
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. • https://github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74 https://github.com/NixOS/nix/security/advisories/GHSA-wf4c-57rh-9pjg • CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8923 – Sandbox Escape in Now Platform
https://notcve.org/view.php?id=CVE-2024-8923
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes. • https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-39205 – Pyload Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-39205
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. • https://github.com/Marven11/CVE-2024-39205-Pyload-RCE https://github.com/Marven11/CVE-2024-39205-Pyload-RCE/tree/main https://github.com/pyload/pyload https://github.com/pyload/pyload/security/advisories/GHSA-r9pp-r4xf-597r - •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7024
https://notcve.org/view.php?id=CVE-2024-7024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://issues.chromium.org/issues/334120897 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •