
CVE-2021-21696 – jenkins: Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
https://notcve.org/view.php?id=CVE-2021-21696
04 Nov 2021 — This results in unsandboxed code execution in the Jenkins controller process. An incorrect permissions validation vulnerability was found in Jenkins. ... Issues addressed include a bypass vulnerability. • http://www.openwall.com/lists/oss-security/2021/11/04/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2021-38503 – Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
https://notcve.org/view.php?id=CVE-2021-38503
03 Nov 2021 — The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox versions prior to 94, Thunderbird versions prior to... • https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •

CVE-2020-6492
https://notcve.org/view.php?id=CVE-2020-6492
02 Nov 2021 — Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2021-37994 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37994
02 Nov 2021 — Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, d... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html •

CVE-2021-37981 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37981
02 Nov 2021 — Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Multiple se... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html • CWE-787: Out-of-bounds Write •

CVE-2021-37980 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37980
02 Nov 2021 — Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information ... • https://github.com/ZeusBox/CVE-2021-37980 •

CVE-2021-21703 – PHP-FPM memory access in root process leading to privilege escalation
https://notcve.org/view.php?id=CVE-2021-21703
25 Oct 2021 — This vulnerability is hard to exploit as the attack needs to escape the FPM sandbox mechanism. ... Issues addressed include bypass, privilege escalation, and server-side request forgery vulnerabilities. • http://www.openwall.com/lists/oss-security/2021/10/26/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •

CVE-2021-42762 – Debian Security Advisory 4995-1
https://notcve.org/view.php?id=CVE-2021-42762
20 Oct 2021 — BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. ... • http://www.openwall.com/lists/oss-security/2021/10/26/9 •

CVE-2021-35550 – OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
https://notcve.org/view.php?id=CVE-2021-35550
20 Oct 2021 — Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this to bypass JAR signature verification. • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2021-35556 – OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
https://notcve.org/view.php?id=CVE-2021-35556
20 Oct 2021 — Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. ... An attacker could possibly use this to bypass JAR signature verification... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •