CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28699 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28699
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28700 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28700
27 Aug 2021 — Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2021-31010 – Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31010
24 Aug 2021 — A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. Se ha solucionado un problema de deserialización mediante una validación mejorada. • https://support.apple.com/en-us/HT212804 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 1CVE-2021-30571 – Gentoo Linux Security Advisory 202201-02
https://notcve.org/view.php?id=CVE-2021-30571
03 Aug 2021 — Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2021-30528 – Chrome Sandbox Escape
https://notcve.org/view.php?id=CVE-2021-30528
07 Jun 2021 — Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebAuthentication en Google Chrome en Android anterior a versión 91.0.4472.77, permitía a un atacante remoto que ha comprometido el proceso de renderización de un usuario que ha guardado u... • https://packetstorm.news/files/id/172844 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35506 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35506
28 May 2021 —  Este fallo permite a un usuario invitado privilegiado bloquear el proceso QEMU en el host, resultando en una denegación de servicio o una posible ejecución de código con los privilegios del proceso QEMU Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35504 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35504
28 May 2021 —  La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32629 – Memory access due to code generation flaw in Cranelift module
https://notcve.org/view.php?id=CVE-2021-32629
24 May 2021 — There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. ... Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. • https://crates.io/crates/cranelift-codegen • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types CWE-788: Access of Memory Location After End of Buffer •
CVSS: 5.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21264 – Bypass of fix for CVE-2020-26231, Twig sandbox escape
https://notcve.org/view.php?id=CVE-2021-21264
03 May 2021 — October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code t... • https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg • CWE-862: Missing Authorization •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21226 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21226
26 Apr 2021 — Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html • CWE-416: Use After Free •