CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37981
https://notcve.org/view.php?id=CVE-2021-37981
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en Skia en Google Chrome versiones anteriores a 95.0.4638.54, permitía a un atacante remoto que hubiera comprometido el proceso de renderización llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html https://crbug.com/1246631 https://www.debian.org/security/2022/dsa-5046 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 1CVE-2021-37980
https://notcve.org/view.php?id=CVE-2021-37980
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. Una implementación inapropiada de Sandbox en Google Chrome versiones anteriores a 94.0.4606.81, permitía a un atacante remoto omitir potencialmente el aislamiento del sitio por medio de Windows • https://github.com/ZeusBox/CVE-2021-37980 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html https://crbug.com/1254631 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO https://www.debian.org/security/2022/dsa-5046 •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-42762
https://notcve.org/view.php?id=CVE-2021-42762
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. ... El archivo BubblewrapLauncher.cpp en WebKitGTK y WPE WebKit versiones anteriores a 2.34.1, permite una omisión limitada del sandbox que permite a un proceso con sandbox engañar a procesos anfitriones para que piensen que el proceso con sandbox no está confinado por la sandbox, al abusar de las llamadas al sistema VFS que manipulan su espacio de nombres del sistema de archivos. El impacto se limita a servicios de host que crean sockets UNIX que WebKit monta dentro de su sandbox, y el proceso con sandbox permanece confinado de otra manera. • http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http://www.openwall.com/lists/oss-security/2021/10/27/2 http://www.openwall.com/lists/oss-security/2021/10/27/4 https://bugs.webkit.org/show_bug.cgi?id=231479 https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD https:& •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23449 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23449
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. Esto afecta al paquete vm2 antes de la versión 3.9.4 a través de un vector de ataque de Prototipo de Contaminación, que puede llevar a la ejecución de código arbitrario en la máquina anfitriona • https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886 https://github.com/patriksimek/vm2/issues/363 https://github.com/patriksimek/vm2/releases/tag/3.9.4 https://security.netapp.com/advisory/ntap-20211029-0010 https://snyk.io/vuln/SNYK-JS-VM2-1585918 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-40476 – Windows AppContainer Elevation Of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-40476
Windows AppContainer Elevation Of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows AppContainer The WSAQuerySocketSecurity API returns full anonymous impersonation tokens for connected peers in an AppContainer leading to a sandbox escape. • http://packetstormsecurity.com/files/164942/Microsoft-Windows-WSAQuerySocketSecurity-AppContainer-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40476 • CWE-522: Insufficiently Protected Credentials •