CVSS: 8.8EPSS: 94%CPEs: 2EXPL: 11CVE-2019-1003000 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003000
22 Jan 2019 — A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. • https://packetstorm.news/files/id/152132 •
CVSS: 8.8EPSS: 93%CPEs: 2EXPL: 4CVE-2019-1003001 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003001
22 Jan 2019 — A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://packetstorm.news/files/id/152132 •
CVSS: 8.8EPSS: 93%CPEs: 2EXPL: 4CVE-2019-1003002 – Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-1003002
22 Jan 2019 — A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://packetstorm.news/files/id/152132 •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15402
https://notcve.org/view.php?id=CVE-2017-15402
09 Jan 2019 — Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 1%CPEs: 1EXPL: 1CVE-2018-18555
https://notcve.org/view.php?id=CVE-2018-18555
17 Dec 2018 — A sandbox escape issue was discovered in VyOS 1.1.8. • https://blog.vyos.io/the-operator-level-is-proved-insecure-and-will-be-removed-in-the-next-releases • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1000865
https://notcve.org/view.php?id=CVE-2018-1000865
10 Dec 2018 — A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. • https://access.redhat.com/errata/RHBA-2019:0326 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1000866
https://notcve.org/view.php?id=CVE-2018-1000866
10 Dec 2018 — A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM Existe una vulnerabilidad de om... • https://access.redhat.com/errata/RHBA-2019:0326 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18748
https://notcve.org/view.php?id=CVE-2018-18748
28 Oct 2018 — Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. • https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit •
CVSS: 7.4EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17470 – chromium-browser: Memory corruption in GPU Internals
https://notcve.org/view.php?id=CVE-2018-17470
25 Oct 2018 — A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/105666 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.6EPSS: 2%CPEs: 5EXPL: 0CVE-2018-17462 – chromium-browser: Sandbox escape in AppCache
https://notcve.org/view.php?id=CVE-2018-17462
25 Oct 2018 — Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/105666 • CWE-416: Use After Free •