CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2023-26486 – Vega `scale` expression function cross site scripting
https://notcve.org/view.php?id=CVE-2023-26486
03 Mar 2023 — This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. • https://github.com/vega/vega/releases/tag/v5.23.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 12%CPEs: 1EXPL: 0CVE-2023-25764
https://notcve.org/view.php?id=CVE-2023-25764
15 Feb 2023 — Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. • http://www.openwall.com/lists/oss-security/2023/02/15/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24422 – jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2023-24422
24 Jan 2023 — A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión de la sandbox que involucra constructores de mapas en Jenkins Script Security Plugin 1228.vd93135a_2fb_25 y versiones anteriores per... • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 14%CPEs: 1EXPL: 1CVE-2019-13768
https://notcve.org/view.php?id=CVE-2019-13768
02 Jan 2023 — Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 266EXPL: 0CVE-2022-31696 – VMware ESXi TCP/IP Memory Corruption Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-31696
13 Dec 2022 — A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. ... Un actor malintencionado con acceso local a ESXi puede aprovechar este problema para dañar la memoria y provocar un escape del entorno limitado de ESXi. • https://www.vmware.com/security/advisories/VMSA-2022-0030.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4135 – Google Chromium GPU Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-4135
25 Nov 2022 — Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer de montón en GPU en Google Chrome anterior a 107.0.5304.121 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a través de una página HTML mani... • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3890 – Debian Security Advisory 5275-1
https://notcve.org/view.php?id=CVE-2022-3890
09 Nov 2022 — Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer de montón en Crashpad en Google Chrome en Android anterior a 107.0.5304.106 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas ... • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43401 – jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
https://notcve.org/view.php?id=CVE-2022-43401
19 Oct 2022 — Una vulnerabilidad de omisión del sandbox que involucra varios moldes llevados a cabo implícitamente por el tiempo de ejecución del lenguaje Groovy en Jenkins Script Security Plugin versiones 1183.v774b_0b_0a_a_451 y anteriores, permite a atacantes con permiso para definir y ejecutar scripts en sandbox, incluyendo Pipelines, omitir la protección del sandbox y ejecutar código arbitrario en el contexto de la JVM del controlador de Jenkins A sandbox bypass vulnerability was f... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43402 – jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-43402
19 Oct 2022 — Una vulnerabilidad de omisión del sandbox que involucra varios lanzamientos llevados a cabo implícitamente por el tiempo de ejecución del lenguaje Groovy en Jenkins Pipeline: Groovy Plugin versiones 2802.v5ea_628154b_c2 y anteriores, permite a atacantes con permiso para definir y ejecutar scripts con sandbox, incluyendo Pipelines, omitir la protección del sandbox y ejecutar código arbitrario en el contexto de la JVM del controlador de Jenkins A sandbox bypass vulnerability... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43403 – jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
https://notcve.org/view.php?id=CVE-2022-43403
19 Oct 2022 — A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión del sandbox que involucra la fundición de un valor de tipo array a un tipo de array en Jenkins Script ... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure •