CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23543 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23543
07 Jan 2022 — All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. Todas las versiones del paquete realms-shim son vulnerables a una Omisión del Sandbox por medio de un vector de ataque de Contaminación de Prototipos • https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23594 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23594
07 Jan 2022 — All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. Todas las versiones del paquete realms-shim son vulnerables a la Omisión del Sandbox por medio de un vector de ataque de Contaminación de Prototipos • https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309907 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-21648 – Sandbox bypass in Latte templates
https://notcve.org/view.php?id=CVE-2022-21648
04 Jan 2022 — Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. ... Desde la versión 2.8.0, Latte ha incluido un sandbox de plantillas y en las versiones afectadas se ha encontrado que se presenta un escape del sandbox que permite una inyección en páginas web generadas desde Latte. • https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38017 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38017
23 Dec 2021 — Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación inapropiada de políticas en iframe sandbox en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbit... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-863: Incorrect Authorization •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 1CVE-2021-38013 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38013
23 Dec 2021 — Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en fingerprint recognition en Google Chrome en ChromeOS versiones anteriores a 96.0.4664.45, permitía a un atacante remoto que hubiera comprometido un proceso de renderización de la WebUI llevar a cabo potencialmente ... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43543 – Mozilla: Bypass of CSP sandbox directive when embedding
https://notcve.org/view.php?id=CVE-2021-43543
08 Dec 2021 — Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. ... Los documentos cargados con la directiva CSP sandbox podrían escapar de la restricción de scripts del sandbox al insertar contenido adicional. ... Issues addressed include buffer overflow, bypass, denial of service, and spoofing vulnerabilities. • https://bugzilla.mozilla.org/show_bug.cgi?id=1738418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23259 – Groovy Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23259
02 Dec 2021 — Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE). Los usuarios autenticados con roles de Administrador o Desarrollador pueden ejecutar comandos del sistema operativo mediante el Script Groovy que usa Groovy lib para renderizar una página web. El script groovy no presenta restricciones de segu... • https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120102 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38002 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38002
23 Nov 2021 — Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en Web Transport en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto llevar a cabo un escape de sandbox por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, ... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34994 – Commvault CommCell DataProvider JavaScript Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2021-34994
22 Nov 2021 — An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. ... Un atacante puede aprovechar esta vulnerabilidad para escapar del sandbox de JavaScript y ejecutar código Java en el contexto de NETWORK SERVICE. ... An attacker can leverage this vulnerability to escape the JavaScript sandbox and execute Java code in the context of NETWORK SERVICE. • https://www.zerodayinitiative.com/advisories/ZDI-21-1329 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28710 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28710
21 Nov 2021 — En consecuencia, el huésped es capaz de escribir en las entradas de la tabla de páginas hoja Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT • CWE-269: Improper Privilege Management •