Page 30 of 495 results (0.207 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. ... Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. • https://crates.io/crates/cranelift-codegen https://github.com/bytecodealliance/wasmtime/commit/95559c01aaa7c061088a433040f31e8291fb09d0 https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5 https://www.fastly.com/security-advisories/memory-access-due-to-code-generation-flaw-in-cranelift-module • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types CWE-788: Access of Memory Location After End of Buffer •

CVSS: 5.2EPSS: 0%CPEs: 2EXPL: 0

A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the `cms.manage_pages`, `cms.manage_layouts`, or `cms.manage_partials` permissions who would **normally** not be permitted to provide PHP code to be executed by the CMS due to `cms.enableSafeMode` being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. ... Un usuario de back-end autenticado con los permisos "cms.manage_pages", "cms.manage_layouts" o "cms.manage_partials" que **normalmente** no podría proporcionar código PHP para ser ejecutado por el CMS debido a "cms.enableSafeMode" que está habilitado es capaz de escribir código Twig específico para escapar del sandbox Twig y ejecutar PHP arbitrario. • https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg • CWE-862: Missing Authorization •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en navigation en Google Chrome versiones anteriores a 90.0.4430.85, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html https://crbug.com/1197904 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-416: Use After Free •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento de enteros en Mojo en Google Chrome versiones anteriores a 90.0.4430.85, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html https://crbug.com/1195308 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Un uso de la memoria previamente liberada en IndexedDB en Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante convencer a un usuario de instalar una extensión maliciosa para llevar a cabo potencialmente un escape del sandbox por medio de una extensión de Chrome diseñada • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://crbug.com/1185732 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-416: Use After Free •