CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10394 – jenkins-script-security-plugin: handling of property names in property expressions on the left-hand side of assignment expression leads to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10394
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10399 – jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10399
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10400 – jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts
https://notcve.org/view.php?id=CVE-2019-10400
12 Sep 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/09/12/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9812 – Mozilla Firefox sync Universal Cross-Site Scripting Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2019-9812
04 Sep 2019 — Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. Dado un proceso de contenido ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1538008 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10390
https://notcve.org/view.php?id=CVE-2019-10390
28 Aug 2019 — A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • http://www.openwall.com/lists/oss-security/2019/08/28/4 •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 2CVE-2019-1170 – Windows NTFS Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-1170
14 Aug 2019 — An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate pr... • https://packetstorm.news/files/id/154192 • CWE-862: Missing Authorization •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5850 – chromium-browser: Use-after-free in offline page fetcher
https://notcve.org/view.php?id=CVE-2019-5850
12 Aug 2019 — Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10355 – jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin
https://notcve.org/view.php?id=CVE-2019-10355
31 Jul 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/07/31/1 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10356 – jenkins-plugin-script-security: Sandbox bypass through method pointer expressions in Script Security Plugin
https://notcve.org/view.php?id=CVE-2019-10356
31 Jul 2019 — A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. • http://www.openwall.com/lists/oss-security/2019/07/31/1 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
25 Jul 2019 — Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •