CVE-2024-6779
https://notcve.org/view.php?id=CVE-2024-6779
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/351327767 •
CVE-2024-38531 – Nix sandbox escape
https://notcve.org/view.php?id=CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in versions 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. • https://github.com/NixOS/nix/pull/10501 https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5 • CWE-278: Insecure Preserved Inherited Permissions •
CVE-2024-28397 – Pyload Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28397
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code inside a Python interpreter. The vulnerability allows an attacker to obtain a reference to a Python object in the js2py environment, enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. ... This endpoint was designed to only accept connections from localhost, but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution. • https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/Marven11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38358 – Symlink bypasses filesystem sandbox in wasmer
https://notcve.org/view.php?id=CVE-2024-38358
Wasmer is a WebAssembly (Wasm) runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access the host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs can also crash the runtime by creating a symlink pointing outside with `path_symlink` and `path_open`ing the link. This issue has been addressed in commit `b9483d022`, which has been included in release version 4.3.2. Users are advised to upgrade. • https://github.com/wasmerio/wasmer/commit/b9483d022c602b994103f78ecfe46f017f8ac662 https://github.com/wasmerio/wasmer/security/advisories/GHSA-55f3-3qvg-8pv5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5691 – Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
https://notcve.org/view.php?id=CVE-2024-5691
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with an `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. • https://bugzilla.mozilla.org/show_bug.cgi?id=1888695 https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html https://lists.debian.org/debian-lts-announce/2024/06/msg00010.html https://www.mozilla.org/security/advisories/mfsa2024-25 https://www.mozilla.org/security/advisories/mfsa2024-26 https://www.mozilla.org/security/advisories/mfsa2024-28 https://access.redhat.com/security/cve/CVE-2024-5691 https://bugzilla.redhat.com/show_bug.cgi?id=2291397 • CWE-284: Improper Access Control •