Page 10 of 417 results (0.093 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-5170

https://notcve.org/view.php?id=CVE-2023-5170

This memory leak could be used to effect a sandbox escape if the correct data was leaked. ... Esta pérdida de memoria podría usarse para efectuar un escape de la sandbox si se filtraron los datos correctos. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846686 https://security.gentoo.org/glsa/202401-10 https://www.mozilla.org/security/advisories/mfsa2023-41 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-4576

https://notcve.org/view.php?id=CVE-2023-4576

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. ... En Windows, podría ocurrir un desbordamiento de enteros en `RecordedSourceSurfaceCreation`, lo que resultó en un desbordamiento del búfer que podría filtrar datos confidenciales que podrían haber llevado a un escape de la sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846694 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-35 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-37 https://www.mozilla.org/security/advisories/mfsa2023-38 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-41039 – Sandbox escape via various forms of "format" in RestrictedPython

https://notcve.org/view.php?id=CVE-2023-41039

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. • https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-4050 – Mozilla: Stack buffer overflow in StorageManager

https://notcve.org/view.php?id=CVE-2023-4050

This resulted in a potentially exploitable crash which could have led to a sandbox escape. ... This resulted in a potentially exploitable crash which could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-4924

https://notcve.org/view.php?id=CVE-2022-4924

Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1272967 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ • CWE-416: Use After Free •