
CVE-2021-30633 – Google Chromium Indexed DB API Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-30633
08 Oct 2021 — A use after free in the Indexed DB API in Google Chrome versions prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2021-41133 – Sandbox bypass via recent VFS-manipulating syscalls
https://notcve.org/view.php?id=CVE-2021-41133
08 Oct 2021 — Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccom... • http://www.openwall.com/lists/oss-security/2021/10/26/9 • CWE-20: Improper Input Validation •

CVE-2021-28702 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28702
06 Oct 2021 — Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption. Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/10/07/2 • CWE-269: Improper Privilege Management •

CVE-2021-32835 – Groovy Sandbox escape in Eclipse Keti
https://notcve.org/view.php?id=CVE-2021-32835
09 Sep 2021 — In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. • https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti • CWE-693: Protection Mechanism Failure •

CVE-2021-28701 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28701
08 Sep 2021 — Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/09/08/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2021-28695 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28695
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/09/01/1 •

CVE-2021-28696 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28696
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/09/01/1 • CWE-863: Incorrect Authorization •

CVE-2021-28694 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28694
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/09/01/1 •

CVE-2021-28697 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28697
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2021-28698 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28698
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/09/01/2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •