CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0CVE-2019-8308 – flatpak: potential /proc based sandbox escape
https://notcve.org/view.php?id=CVE-2019-8308
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Flatpak, en versiones anteriores a la 1.0.7 y en versiones 1.1.x y 1.2.x anteriores a la 1.2.3, expone /proc en el sandbox de script apply_extra, lo que permite que los atacantes modifiquen un archivo ejecutable del lado del host. A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html https://access.redhat.com/errata/RHSA-2019:0375 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059 https://github.com/flatpak/flatpak/releases/tag/1.0.7 https://github.com/flatpak/flatpak/releases/tag/1.2.3 https://access.redhat.com/security/cve/CVE-2019-8308 https://bugzilla.redhat.com/show_bug.cgi?id=1675070 • CWE-668: Exposure of Resource to Wrong Sphere CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.6EPSS: 2%CPEs: 9EXPL: 0CVE-2019-5759 – chromium-browser: Use after free in HTML select elements
https://notcve.org/view.php?id=CVE-2019-5759
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/912211 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1003006
https://notcve.org/view.php?id=CVE-2019-1003006
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1293 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1003005 – jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1292)
https://notcve.org/view.php?id=CVE-2019-1003005
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. • https://github.com/orangetw/awesome-jenkins-rce-2019 http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html https://access.redhat.com/errata/RHSA-2019:0739 https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1292 https://access.redhat.com/security/cve/CVE-2019-1003005 https://bugzilla.redhat.com/show_bug.cgi?id=1670283 https://jenkins.io/security/advisory/2019-01-08 https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html htt • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18505 – Mozilla: Privilege escalation through IPC channel messages
https://notcve.org/view.php?id=CVE-2018-18505
This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html http://www.securityfocus.com/bid/106781 https://access.redhat.com/errata/RHSA-2019:0218 https://access.redhat.com/errata/RHSA-2019:0219 https://access.redhat.com/errata/RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0270 https://bugzilla.mozilla.org/show_bug.cgi?id=1087565 https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html https://lists.debian.org/debian-lts-announce/2019/02&# • CWE-287: Improper Authentication •