
CVE-2019-1003034 – jenkins-job-dsl-plugin: Script security sandbox bypass in Job DSL Plugin (SECURITY-1342)
https://notcve.org/view.php?id=CVE-2019-1003034
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. ... Security fix: jenkins-plugin-... • http://www.securityfocus.com/bid/107476 • CWE-20: Improper Input Validation •

CVE-2019-1003030 – Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1003030
08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. ... Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in ... • https://packetstorm.news/files/id/159603 • CWE-20: Improper Input Validation • CWE-693: Protection Mechanism Failure •

CVE-2019-1003024 – jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)
https://notcve.org/view.php?id=CVE-2019-1003024
20 Feb 2019 — A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. ... Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in ... • http://www.securityfocus.com/bid/107295 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVE-2019-8308 – flatpak: potential /proc based sandbox escape
https://notcve.org/view.php?id=CVE-2019-8308
12 Feb 2019 — Issues addressed include a sandbox escape vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html • CWE-668: Exposure of Resource to Wrong Sphere • CWE-672: Operation on a Resource after Expiration or Release •

CVE-2019-5759 – chromium-browser: Use after free in HTML select elements
https://notcve.org/view.php?id=CVE-2019-5759
11 Feb 2019 — Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free •

CVE-2019-7289 – Apple Security Advisory 2019-2-07-3
https://notcve.org/view.php?id=CVE-2019-7289
07 Feb 2019 — Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities. • https://support.apple.com/HT209522 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-7290 – Apple Security Advisory 2019-2-07-3
https://notcve.org/view.php?id=CVE-2019-7290
07 Feb 2019 — Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities. • https://support.apple.com/HT209522 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVE-2019-1003006
https://notcve.org/view.php?id=CVE-2019-1003006
06 Feb 2019 — A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1293 • CWE-862: Missing Authorization •

CVE-2019-1003005 – jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1292)
https://notcve.org/view.php?id=CVE-2019-1003005
06 Feb 2019 — A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. ... Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in ... • https://packetstorm.news/files/id/166778 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVE-2018-18505 – Mozilla: Privilege escalation through IPC channel messages
https://notcve.org/view.php?id=CVE-2018-18505
30 Jan 2019 — This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-287: Improper Authentication •