CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30633 – Google Chromium Indexed DB API Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-30633
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en la API de la base de datos Indexada en Google Chrome versiones anteriores a 93.0.4577.82, permitía a un atacante remoto que hubiera comprometido el proceso del renderizador llevar a cabo potencialmente un escape de sandbox por medio de una página HTML diseñada Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html https://crbug.com/1247766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41133 – Sandbox bypass via recent VFS-manipulating syscalls
https://notcve.org/view.php?id=CVE-2021-41133
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. • http://www.openwall.com/lists/oss-security/2021/10/26/9 https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999 https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36 https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48 https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f https://github.c • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32835 – Groovy Sandbox escape in Eclipse Keti
https://notcve.org/view.php?id=CVE-2021-32835
In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. • https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-31010 – Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31010
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. Se ha solucionado un problema de deserialización mediante una validación mejorada. • https://support.apple.com/en-us/HT212804 https://support.apple.com/en-us/HT212805 https://support.apple.com/en-us/HT212806 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212824 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 1CVE-2021-30571
https://notcve.org/view.php?id=CVE-2021-30571
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html https://crbug.com/1101897 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L • CWE-863: Incorrect Authorization •