CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37271 – RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
https://notcve.org/view.php?id=CVE-2023-37271
Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. • https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25136
https://notcve.org/view.php?id=CVE-2019-25136
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. • https://bugzilla.mozilla.org/show_bug.cgi?id=1530709 https://www.mozilla.org/security/advisories/mfsa2019-34 •
CVSS: 8.6EPSS: 1%CPEs: 8EXPL: 0CVE-2023-32409 – Apple Multiple Products WebKit Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2023-32409
A remote attacker may be able to break out of Web Content sandbox. ... Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213762 https://support.apple.com/en-us/HT213764 https://support.apple.com/en-us/HT213842 •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32680 – Missing SQL permissions check in metabase
https://notcve.org/view.php?id=CVE-2023-32680
They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. • https://github.com/metabase/metabase/pull/30852 https://github.com/metabase/metabase/pull/30853 https://github.com/metabase/metabase/pull/30854 https://github.com/metabase/metabase/security/advisories/GHSA-mw6j-f894-4qxv • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-32314 – Sandbox Escape
https://notcve.org/view.php?id=CVE-2023-32314
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. ... As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ... A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. • https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf https://github.com/patriksimek/vm2/releases/tag/3.9.18 https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 https://access.redhat.com/security/cve/CVE-2023-32314 https://bugzilla.redhat.com/show_bug.cgi?id=2208376 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •