Page 11 of 419 results (0.131 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

This resulted in a potentially exploitable crash which could have led to a sandbox escape. ... This resulted in a potentially exploitable crash which could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1

Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1272967 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ • CWE-416: Use After Free •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html https://crbug.com/1306861 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567 • CWE-787: Out-of-bounds Write •

CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 1

A sandboxed process may be able to circumvent sandbox restrictions. • https://github.com/gergelykalman/CVE-2023-32364-macos-app-sandbox-escape https://support.apple.com/en-us/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. ... A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. • https://github.com/7h3h4ckv157/CVE-2023-37903 https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 https://security.netapp.com/advisory/ntap-20230831-0007 https://access.redhat.com/security/cve/CVE-2023-37903 https://bugzilla.redhat.com/show_bug.cgi?id=2224969 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •