
CVE-2020-6461 – chromium-browser: Use after free in storage
https://notcve.org/view.php?id=CVE-2020-6461
30 Apr 2020 — Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free •

CVE-2020-6462 – chromium-browser: Use after free in task scheduling
https://notcve.org/view.php?id=CVE-2020-6462
30 Apr 2020 — Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free •

CVE-2020-12079
https://notcve.org/view.php?id=CVE-2020-12079
23 Apr 2020 — Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. • https://github.com/beakerbrowser/beaker/issues/1519 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2020-6457 – chromium-browser: Use after free in speech recognizer
https://notcve.org/view.php?id=CVE-2020-6457
21 Apr 2020 — Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •

CVE-2012-6302
https://notcve.org/view.php?id=CVE-2012-6302
24 Jan 2020 — Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. • http://www.openwall.com/lists/oss-security/2012/12/10/1 • CWE-269: Improper Privilege Management •

CVE-2019-16538 – jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-16538
21 Nov 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. ... A sandbox bypass flaw related to the handling of closure default parameter expressions was found in the Jenkins Script Security Plugin versions 1.67 and earlier. • http://www.openwall.com/lists/oss-security/2019/11/21/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-863: Incorrect Authorization •

CVE-2019-5870 – chromium-browser: Use-after-free in media
https://notcve.org/view.php?id=CVE-2019-5870
29 Oct 2019 — Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2019-10431 – jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2019-10431
01 Oct 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/10/01/2 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2019-12668 – Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-12668
25 Sep 2019 — A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The atta... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sbxss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-10393 – jenkins-script-security-plugin: handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10393
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •