CVE-2023-41880 – Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
https://notcve.org/view.php?id=CVE-2023-41880
The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result. This issue is not an escape from the WebAssembly sandbox. ... Este problema no es un escape del entorno limitado de WebAssembly. • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd https://github.com/bytecodealliance/wasmtime/commit/8d7eda15b0badcbea83a7aac2d08f80788b59240 https://github.com/bytecodealliance/wasmtime/pull/6372 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh#:~:text=Mailing%20list%20announcement • CWE-193: Off-by-one Error •
CVE-2023-4576
https://notcve.org/view.php?id=CVE-2023-4576
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. ... En Windows, podría ocurrir un desbordamiento de enteros en `RecordedSourceSurfaceCreation`, lo que resultó en un desbordamiento del búfer que podría filtrar datos confidenciales que podrían haber llevado a un escape de la sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846694 https://www.mozilla.org/security/advisories/mfsa2023-34 https://www.mozilla.org/security/advisories/mfsa2023-35 https://www.mozilla.org/security/advisories/mfsa2023-36 https://www.mozilla.org/security/advisories/mfsa2023-37 https://www.mozilla.org/security/advisories/mfsa2023-38 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-41039 – Sandbox escape via various forms of "format" in RestrictedPython
https://notcve.org/view.php?id=CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. • https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2023-3494 – bhyve privileged guest escape via fwctl
https://notcve.org/view.php?id=CVE-2023-3494
Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. • https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc https://security.netapp.com/advisory/ntap-20230831-0006 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-4050 – Mozilla: Stack buffer overflow in StorageManager
https://notcve.org/view.php?id=CVE-2023-4050
This resulted in a potentially exploitable crash which could have led to a sandbox escape. ... This resulted in a potentially exploitable crash which could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •