Page 52 of 369 results (0.061 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. • https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM Existe una vulnerabilidad de omisión del sandbox en Pipeline: Groovy Plugin 2.59 y anteriores en groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java y groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java que permite que los atacantes con el permiso Job/Configure, o atacantes no autorizados con privilegios del commit SCM y las pipelines basadas en Jenkinsfiles establecidas en Jenkins, ejecuten código arbitrario en el maestro JVM de Jenkins. • https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186 • CWE-269: Improper Privilege Management •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. • https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit https://github.com/sandboxescape/Sandboxie-5.26-Sandbox-Escape-Exploit/blob/2632a5f7409e52b2e020f5d4467fa019f9095e73/README.doc •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888926 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17462 https://bugzilla.redhat.com/show_bug.cgi?id=1640098 • CWE-416: Use After Free •

CVSS: 7.4EPSS: 2%CPEs: 5EXPL: 0

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/877874 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17470 https://bugzilla.redhat.com/show_bug.cgi?id=1640106 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •