
CVE-2023-40455 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-40455
26 Sep 2023 — A sandboxed process may be able to circumvent sandbox restrictions. ... macOS Sonoma 14 addresses buffer overflow, bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2023/Oct/3 •

CVE-2023-40448 – Apple Security Advisory 09-26-2023-8
https://notcve.org/view.php?id=CVE-2023-40448
26 Sep 2023 — A remote attacker may be able to break out of Web Content sandbox. ... macOS Sonoma 14 addresses buffer overflow, bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities. • https://github.com/w0wbox/CVE-2023-40448 •

CVE-2023-38586 – Apple Security Advisory 09-26-2023-2
https://notcve.org/view.php?id=CVE-2023-38586
26 Sep 2023 — An access issue was addressed with additional sandbox restrictions. ... A sandboxed process may be able to circumvent sandbox restrictions. ... macOS Sonoma 14 addresses buffer overflow, bypass, code execution, out of bounds read, resource exhaustion, spoofing, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2023/Oct/3 •

CVE-2023-4576 – Gentoo Linux Security Advisory 202402-25
https://notcve.org/view.php?id=CVE-2023-4576
11 Sep 2023 — On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. This bug only affects Firefox on Windows. ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1846694 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-41039 – Sandbox escape via various forms of "format" in RestrictedPython
https://notcve.org/view.php?id=CVE-2023-41039
30 Aug 2023 — RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and ... • https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2023-39402
https://notcve.org/view.php?id=CVE-2023-39402
13 Aug 2023 — Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. • https://consumer.huawei.com/en/support/bulletin/2023/8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-285: Improper Authorization •

CVE-2023-39401
https://notcve.org/view.php?id=CVE-2023-39401
13 Aug 2023 — Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. • https://consumer.huawei.com/en/support/bulletin/2023/8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-285: Improper Authorization •

CVE-2023-39400
https://notcve.org/view.php?id=CVE-2023-39400
13 Aug 2023 — Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. • https://consumer.huawei.com/en/support/bulletin/2023/8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-285: Improper Authorization •

CVE-2023-24698
https://notcve.org/view.php?id=CVE-2023-24698
08 Aug 2023 — Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. • https://foswiki.org/Support/SecurityAlert-CVE-2023-24698 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-37896 – Nuclei Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-37896
04 Aug 2023 — The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. ... The maintainers have also enabled sandbox by default for filesystem loading. ... • https://github.com/projectdiscovery/nuclei/pull/3927 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •