Page 15 of 441 results (0.012 seconds)

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. • https://github.com/javadelight/delight-nashorn-sandbox/issues/135 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 4

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. ... A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ... This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. • https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017 https://github.com/passwa11/CVE-2023-29017-reverse-shell https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d https://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50 https://github.com/patriksimek/vm2/issues/515 https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv https://access.redhat.com/security/cve/CVE-2023-29017 https://bugzilla.redhat.com/show_bug.cgi?id=2185374 • CWE-755: Improper Handling of Exceptional Conditions CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. • https://github.com/dievus/CVE-2022-27665 https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The JS package webpack is vulnerable to Sandbox Bypass in versions up to, and including, 5.75.0 due to mishandling magic comments. • https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 https://github.com/webpack/webpack/pull/16500 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AU7BOXTBK3KDYSWH67ASZ22TUIOZ3X5G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PPSAXUTXBCCTAHTCX5BUR4YVP25XALQ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2AFCM6FFE3LRYI6KNEQWKMXMQOBZQ2D https://access.redhat.com/security/cve/CVE-2023&# • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2

This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. • https://github.com/vega/vega/releases/tag/v5.23.0 https://github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4 https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/functions/scale.js#L36-L37 https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/scales.js#L6 https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykSArJQBWENgDsQAGhAATJJhSoA2qHFIEcNCAAaAZT0ACAApsAwtJDEkAGwZwIaZQEYAujMwAnJOIgAzNk8EJ1BMAE8cLXQAoIYbFBkkR3QNNgZ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •