CVE-2024-34098 – ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 1 of 2
https://notcve.org/view.php?id=CVE-2024-34098
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-20: Improper Input Validation •
CVE-2024-34099 – ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 2 of 2
https://notcve.org/view.php?id=CVE-2024-34099
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-284: Improper Access Control •
CVE-2024-4671 – Google Chromium Visuals Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-4671
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html https://issues.chromium.org/issues/339266700 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N https://lists.fedoraproject.org/archives/list/ • CWE-416: Use After Free •
CVE-2024-32980 – Spin contains a potential network sandbox escape for specifically configured Spin applications
https://notcve.org/view.php?id=CVE-2024-32980
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. • https://github.com/fermyon/spin/commit/b3db535c9edb72278d4db3a201f0ed214e561354 https://github.com/fermyon/spin/security/advisories/GHSA-f3h7-gpjj-wcvh • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2024-34347 – @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
https://notcve.org/view.php?id=CVE-2024-34347
Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. ... In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. ... Antes de 0.8.0, el paquete @hoppscotch/js-sandbox proporciona un entorno limitado de Javascript que utiliza el módulo vm de Node.js. ... En el caso de @hoppscotch/js-sandbox, se pasan múltiples referencias a objetos externos al contexto de la máquina virtual para permitir interacciones de scripts de solicitud previa con variables de entorno y más. • https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01 https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •