CVSS: 9.6EPSS: 2%CPEs: 5EXPL: 0CVE-2021-21223 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21223
26 Apr 2021 — Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21207 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21207
26 Apr 2021 — Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21201 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21201
26 Apr 2021 — Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21202 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21202
26 Apr 2021 — Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 1CVE-2021-21198 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21198
09 Apr 2021 — Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://packetstorm.news/files/id/162973 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21381 – Sandbox escape via special tokens in .desktop file
https://notcve.org/view.php?id=CVE-2021-21381
11 Mar 2021 — Como solución, evite instalar aplicaciones Flatpak de fuentes no fiables, o compruebe el contenido de los archivos exportados ".desktop" en "exports/share/applications/*.desktop" (normalmente "~/.local/share/flatpak/exports/share/applications/*.desktop" y "/var/lib/flatpak/exports/share/applications/*.desktop") para asegurarse de que los nombres literales de los archivos no siguen "@@" o "@@u" A sandbox escape flaw was found in the way flatpak handled special tokens in ".desktop" files. • https://github.com/flatpak/flatpak/commit/8279c5818425b6812523e3805bbe242fb6a5d961 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 10%CPEs: 28EXPL: 0CVE-2020-13936 – Velocity Sandbox Bypass
https://notcve.org/view.php?id=CVE-2020-13936
10 Mar 2021 — An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. Un atacante que es capaz de modificar las plantillas de Velocity puede ejecutar código Java arbitrario o ejecutar comandos de sistema arbitrarios con los mismos privilegios que la... • http://www.openwall.com/lists/oss-security/2021/03/10/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20263 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-20263
09 Mar 2021 —  En raras ocasiones, un usuario malicioso podría usar este fallo para elevar sus privilegios dentro del invitado Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • https://bugzilla.redhat.com/show_bug.cgi?id=1933668 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.6EPSS: 1%CPEs: 4EXPL: 1CVE-2021-21155 – Debian Security Advisory 4858-1
https://notcve.org/view.php?id=CVE-2021-21155
22 Feb 2021 — Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 3EXPL: 1CVE-2021-21154 – Debian Security Advisory 4858-1
https://notcve.org/view.php?id=CVE-2021-21154
22 Feb 2021 — Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html • CWE-787: Out-of-bounds Write •