CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2134 – jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies
https://notcve.org/view.php?id=CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.70 y anteriores, podría ser omitida mediante llamadas de constructor diseñadas y cuerpos de constructor diseñados. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1754 https://access.redhat.com/security/cve/CVE-2020-2134 https://bugzilla.redhat.com/show_bug.cgi?id=1819091 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2109 – jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
https://notcve.org/view.php?id=CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. La protección de Sandbox en Jenkins Pipeline: Groovy Plugin versiones 2.78 y anteriores, puede ser omitida mediante expresiones de parámetros predeterminadas en métodos CPS-transformed. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710 https://access.redhat.com/security/cve/CVE-2020-2109 https://bugzilla.redhat.com/show_bug.cgi?id=1819095 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2110 – jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
https://notcve.org/view.php?id=CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.69 y anteriores, podría omitirse durante la fase de compilación del script mediante la aplicación de anotaciones de transformación AST para las importaciones o al usarlas dentro de otras anotaciones. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713 https://access.redhat.com/security/cve/CVE-2020-2110 https://bugzilla.redhat.com/show_bug.cgi?id=1819093 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6302
https://notcve.org/view.php?id=CVE-2012-6302
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. Soapbox versiones hasta 0.3.1: Omisión de sandbox: ejecuta una segunda instancia de Soapbox dentro de un Soapbox en sandbox. • http://www.openwall.com/lists/oss-security/2012/12/10/1 • CWE-269: Improper Privilege Management •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5870 – chromium-browser: Use-after-free in media
https://notcve.org/view.php?id=CVE-2019-5870
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en media en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto potencialmente realizar un escape de sandbox por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html https://crbug.com/999311 https://access.redhat.com/security/cve/CVE-2019-5870 https://bugzilla.redhat.com/show_bug.cgi?id=1762366 • CWE-416: Use After Free •