CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35506 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35506
28 May 2021 —  Este fallo permite a un usuario invitado privilegiado bloquear el proceso QEMU en el host, resultando en una denegación de servicio o una posible ejecución de código con los privilegios del proceso QEMU Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35504 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35504
28 May 2021 —  La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32629 – Memory access due to code generation flaw in Cranelift module
https://notcve.org/view.php?id=CVE-2021-32629
24 May 2021 — There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. ... Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. ... Bajo estas circunstancias hay un potencial escape de la caja de arena cuando el valor i32 es un puntero. • https://crates.io/crates/cranelift-codegen • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types CWE-788: Access of Memory Location After End of Buffer •
CVSS: 5.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21264 – Bypass of fix for CVE-2020-26231, Twig sandbox escape
https://notcve.org/view.php?id=CVE-2021-21264
03 May 2021 — An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. ... Un usuario de back-end autenticado con los permisos "cms.manage_pages", "cms.manage_layouts" o "cms.manage_partials" que **normalmente** no podría proporciona... • https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg • CWE-862: Missing Authorization •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21226 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21226
26 Apr 2021 — Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en navigation en Google Chrome versiones anteriores a 90.0.4430.85, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Mult... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 2%CPEs: 5EXPL: 0CVE-2021-21223 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21223
26 Apr 2021 — Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento de enteros en Mojo en Google Chrome versiones anteriores a 90.0.4430.85, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities ha... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21207 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21207
26 Apr 2021 — Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Un uso de la memoria previamente liberada en IndexedDB en Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante convencer a un usuario de instalar una extensión maliciosa para llevar a cabo potencialmente un escape del sandbox por medio de una extensi... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21201 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21201
26 Apr 2021 — Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en permissions en Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Mu... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21202 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21202
26 Apr 2021 — Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Un uso de la memoria previamente liberada en extensions de Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante convencer a un usuario de instalar una extensión maliciosa para llevar a cabo potencialmente un escape del sandbox por medio de una exten... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 1CVE-2021-21198 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21198
09 Apr 2021 — Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una lectura fuera de límites en IPC en Google Chrome versiones anteriores a 89.0.4389.114, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities ... • https://packetstorm.news/files/id/162973 • CWE-125: Out-of-bounds Read •