
CVSS: 9.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. • https://consumer.huawei.com/en/support/bulletin/2023/8 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-285: Improper Authorization •

CVSS: 9.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. • https://consumer.huawei.com/en/support/bulletin/2023/8 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-285: Improper Authorization •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. • https://foswiki.org/Support/SecurityAlert-CVE-2023-24698 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. ... The maintainers have also enabled sandbox by default for filesystem loading. • https://github.com/projectdiscovery/nuclei/pull/3927 https://github.com/projectdiscovery/nuclei/releases/tag/v2.9.9 https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-2xx4-jj5v-6mff • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •