CVE-2020-12079
https://notcve.org/view.php?id=CVE-2020-12079
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. ... Beaker versiones anteriores a 0.8.9, permite un escape del sandbox, permitiendo acceso al sistema y una ejecución de código. • https://github.com/beakerbrowser/beaker/issues/1519 https://github.com/beakerbrowser/beaker/releases/tag/0.8.9 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2020-6457 – chromium-browser: Use after free in speech recognizer
https://notcve.org/view.php?id=CVE-2020-6457
Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en speech recognizer en Google Chrome versiones anteriores a la versión 81.0.4044.113, permitió a un atacante remoto llevar a cabo potencialmente un escape del sandbox por medio de una página HTML especialmente diseñada. • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html https://crbug.com/1067851 https://www.debian.org/security/2020/dsa-4714 https://access.redhat.com/security/cve/CVE-2020-6457 https://bugzilla.redhat.com/show_bug.cgi?id=1824949 • CWE-416: Use After Free •
CVE-2020-2805 – OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)
https://notcve.org/view.php?id=CVE-2020-2805
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start dentro del sandbox o applets de Java dentro del sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. ... This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCW • CWE-20: Improper Input Validation •
CVE-2020-2803 – OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
https://notcve.org/view.php?id=CVE-2020-2803
., code that comes from the internet) and rely on the Java sandbox for security. ... Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start dentro del sandbox o applets de Java dentro del sandbox, que cargan y ejecutan código no confiable (por ejemplo, código que proviene de Internet) y confían en el sandbox de Java para la seguridad. ... This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCW • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-2135 – jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2020-2135
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.70 y anteriores, podría ser omitida mediante llamadas de método diseñadas sobre objetos que implementan GroovyInterceptable. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1754 https://access.redhat.com/security/cve/CVE-2020-2135 https://bugzilla.redhat.com/show_bug.cgi?id=1819078 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-863: Incorrect Authorization •