CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20932 – OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)
https://notcve.org/view.php?id=CVE-2024-20932
16 Jan 2024 — ., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. ... Note: This vulnerability applies to Java deployments, typically in cl... • https://security.netapp.com/advisory/ntap-20240201-0002 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20926 – OpenJDK: arbitrary Java code execution in Nashorn (8314284)
https://notcve.org/view.php?id=CVE-2024-20926
16 Jan 2024 — ., code that comes from the internet) and rely on the Java sandbox for security. ... Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. ... This vulnerability also applies to Java deployments, t... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20918 – OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
https://notcve.org/view.php?id=CVE-2024-20918
16 Jan 2024 — ., code that comes from the internet) and rely on the Java sandbox for security. ... Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. ... This vulnerability also applies to Java deployments, t... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6860 – Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
https://notcve.org/view.php?id=CVE-2023-6860
19 Dec 2023 — This could be abused to escape the sandbox. ... Se podría abusar de esto para escapar de la sandbox. ... This could be abused to escape the sandbox. ... An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1854669 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6856 – Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver
https://notcve.org/view.php?id=CVE-2023-6856
19 Dec 2023 — This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. ... This issue could allow an attacker to perform remote code execution and sandbox escape. ... An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843782 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44382 – October CMS safe mode bypass using Twig sandbox escape
https://notcve.org/view.php?id=CVE-2023-44382
01 Dec 2023 — An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. ... Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitiría proporcionar código PHP para... • https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 17%CPEs: 7EXPL: 0CVE-2023-6345 – Google Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6345
29 Nov 2023 — Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. ... Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 1CVE-2023-5557 – Tracker-miners: sandbox escape
https://notcve.org/view.php?id=CVE-2023-5557
13 Oct 2023 — A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. ... Una debilidad en la sandbox permite que un archivo creado con fines malintencionados ejecute código fuera de la sandbox si el proceso de extracción del rastreador se ha visto comprometido primero por una vulnerabilidad separada. • https://access.redhat.com/errata/RHSA-2023:7712 • CWE-693: Protection Mechanism Failure •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43656 – Sandbox escape for instances that have enabled transformation functions in matrix-hookshot
https://notcve.org/view.php?id=CVE-2023-43656
27 Sep 2023 — Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. ... Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. ... La versión 4.5.0 y superiores de hookshot incluyen una nueva biblioteca sandbox que debería proteger mejor a los u... • https://github.com/matrix-org/matrix-hookshot/commit/dc126afa6af86d66aefcd23a825326f405bcc894 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5170 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-5170
27 Sep 2023 — This memory leak could be used to effect a sandbox escape if the correct data was leaked. ... Esta pérdida de memoria podría usarse para efectuar un escape de la sandbox si se filtraron los datos correctos. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846686 • CWE-401: Missing Release of Memory after Effective Lifetime •