CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-26405 – ZDI-CAN-20712: Object Prototype pollution which leads to API Restrictions Bypass
https://notcve.org/view.php?id=CVE-2023-26405
12 Apr 2023 — This vulnerability allows remote attackers to escape the sandbox on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 8CVE-2023-26122
https://notcve.org/view.php?id=CVE-2023-26122
11 Apr 2023 — All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. ... All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. • https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce • CWE-265: Privilege Issues CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26919
https://notcve.org/view.php?id=CVE-2023-26919
10 Apr 2023 — delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. • https://github.com/javadelight/delight-nashorn-sandbox/issues/135 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 79%CPEs: 1EXPL: 4CVE-2023-29017 – vm2 Sandbox Escape vulnerability
https://notcve.org/view.php?id=CVE-2023-29017
06 Apr 2023 — vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. ... A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ... This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. • https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017 • CWE-755: Improper Handling of Exceptional Conditions CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2022-27665
https://notcve.org/view.php?id=CVE-2022-27665
03 Apr 2023 — Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. • https://github.com/dievus/CVE-2022-27665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28101 – Flatpak metadata with ANSI control codes can cause misleading terminal output
https://notcve.org/view.php?id=CVE-2023-28101
16 Mar 2023 — .` Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. • https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28100 – TIOCLINUX can send commands outside sandbox if running on a virtual console
https://notcve.org/view.php?id=CVE-2023-28100
16 Mar 2023 — Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. • https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-28154 – webpack JS package <= 5.75.0 - Sandbox Bypass
https://notcve.org/view.php?id=CVE-2023-28154
13 Mar 2023 — The JS package webpack is vulnerable to Sandbox Bypass in versions up to, and including, 5.75.0 due to mishandling magic comments. • https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 0CVE-2023-25764
https://notcve.org/view.php?id=CVE-2023-25764
15 Feb 2023 — Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. • http://www.openwall.com/lists/oss-security/2023/02/15/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24422 – jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2023-24422
24 Jan 2023 — A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión de la sandbox que involucra constructores de mapas en Jenkins Script Security Plugin 1228.vd93135a_2fb_25 y versiones anteriores per... • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •