CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2109 – jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods
https://notcve.org/view.php?id=CVE-2020-2109
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. La protección de Sandbox en Jenkins Pipeline: Groovy Plugin versiones 2.78 y anteriores, puede ser omitida mediante expresiones de parámetros predeterminadas en métodos CPS-transformed. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710 https://access.redhat.com/security/cve/CVE-2020-2109 https://bugzilla.redhat.com/show_bug.cgi?id=1819095 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2110 – jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
https://notcve.org/view.php?id=CVE-2020-2110
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. La protección de Sandbox en Jenkins Script Security Plugin versiones 1.69 y anteriores, podría omitirse durante la fase de compilación del script mediante la aplicación de anotaciones de transformación AST para las importaciones o al usarlas dentro de otras anotaciones. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713 https://access.redhat.com/security/cve/CVE-2020-2110 https://bugzilla.redhat.com/show_bug.cgi?id=1819093 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6302
https://notcve.org/view.php?id=CVE-2012-6302
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. Soapbox versiones hasta 0.3.1: Omisión de sandbox: ejecuta una segunda instancia de Soapbox dentro de un Soapbox en sandbox. • http://www.openwall.com/lists/oss-security/2012/12/10/1 • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 68EXPL: 0CVE-2020-2604 – OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
https://notcve.org/view.php?id=CVE-2020-2604
., code that comes from the internet) and rely on the Java sandbox for security. ... A process-wide filter could have been modified by setting jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0232 https://access.redhat.com/errata/RHSA-2020:0 • CWE-471: Modification of Assumed-Immutable Data (MAID) CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19788
https://notcve.org/view.php?id=CVE-2019-19788
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. ... Opera para Android versiones anteriores a 54.0.2669.49432, es vulnerable a un ataque de omisión de iframe de origen cruzado dentro del sandbox. Al utilizar un servicio que funciona dentro de un iframe del sandbox, es posible omitir los atributos normales del sandbox. • https://security.opera.com/bypass-a-restriction-in-ofa-54-opera-security-advisories •