CVSS: 7.8EPSS: 3%CPEs: 5EXPL: 0CVE-2023-4050 – Mozilla: Stack buffer overflow in StorageManager
https://notcve.org/view.php?id=CVE-2023-4050
01 Aug 2023 — This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. ... This resulted in a potentially exploitable crash which could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843038 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4924
https://notcve.org/view.php?id=CVE-2022-4924
28 Jul 2023 — Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4920
https://notcve.org/view.php?id=CVE-2022-4920
28 Jul 2023 — Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 1%CPEs: 3EXPL: 1CVE-2023-32364 – Apple Security Advisory 2023-07-24-4
https://notcve.org/view.php?id=CVE-2023-32364
26 Jul 2023 — A sandboxed process may be able to circumvent sandbox restrictions. macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities. • https://github.com/gergelykalman/CVE-2023-32364-macos-app-sandbox-escape •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32437 – Apple Security Advisory 2023-07-24-2
https://notcve.org/view.php?id=CVE-2023-32437
26 Jul 2023 — An app may be able to break out of its sandbox. iOS 16.6 and iPadOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213841 •
CVSS: 10.0EPSS: 33%CPEs: 1EXPL: 1CVE-2023-37903 – Sandbox Escape in vm2
https://notcve.org/view.php?id=CVE-2023-37903
21 Jul 2023 — vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. ... A flaw was found in the vm2 custom inspect function, which allows attackers to escape the sandbox. ... Issues addressed include bypass and privile... • https://github.com/7h3h4ckv157/CVE-2023-37903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22049 – OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
https://notcve.org/view.php?id=CVE-2023-22049
18 Jul 2023 — ., code that comes from the internet) and rely on the Java sandbox for security. • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22006 – OpenJDK: HTTP client insufficient file name validation (8302475)
https://notcve.org/view.php?id=CVE-2023-22006
18 Jul 2023 — ., code that comes from the internet) and rely on the Java sandbox for security. • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2023-38286
https://notcve.org/view.php?id=CVE-2023-38286
14 Jul 2023 — Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. • https://github.com/p1n93r/SpringBootAdmin-thymeleaf-SSTI • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 14%CPEs: 1EXPL: 2CVE-2023-37466 – vm2 Sandbox Escape vulnerability
https://notcve.org/view.php?id=CVE-2023-37466
13 Jul 2023 — vm2 is an advanced vm/sandbox for Node.js. ... In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. vm2 es una máquina virtual/sandbox avanzada para Node.js. ... A flaw was found in the vm2 Promise handler sanitization, which allows attackers to escape the sandbox. • https://packetstorm.news/files/id/177623 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •