CVE-2023-50386 – Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
https://notcve.org/view.php?id=CVE-2023-50386
Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution. • http://www.openwall.com/lists/oss-security/2024/02/09/1 https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2024-23681 – Artemis Java Test Sandbox Libary Load Escape
https://notcve.org/view.php?id=CVE-2024-23681
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. ... Las versiones de Artemis Java Test Sandbox anteriores a 1.11.2 son vulnerables a un escape de la sandbox cuando un atacante carga librerías que no son de confianza utilizando System.load o System.loadLibrary. • https://github.com/advisories/GHSA-98hq-4wmw-98w9 https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9 https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9 • CWE-284: Improper Access Control •
CVE-2024-23683 – Artemis Java Test Sandbox InvocationTargetException Subclass Escape
https://notcve.org/view.php?id=CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. ... Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. • https://github.com/advisories/GHSA-883x-6fch-6wjx https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392 https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371 https://github.com/ls1intum/Ares/releases/tag/1.7.6 https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx •
CVE-2024-23682 – Artemis Java Test Sandbox Class Loading Escape
https://notcve.org/view.php?id=CVE-2024-23682
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. ... Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares confía. • https://github.com/advisories/GHSA-227w-wv4j-67h4 https://github.com/ls1intum/Ares/issues/15 https://github.com/ls1intum/Ares/releases/tag/1.8.0 https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4 https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4 • CWE-501: Trust Boundary Violation CWE-653: Improper Isolation or Compartmentalization •
CVE-2023-6860 – Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
https://notcve.org/view.php?id=CVE-2023-6860
This could be abused to escape the sandbox. ... Se podría abusar de esto para escapar de la sandbox. ... This could be abused to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1854669 https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html https://security.gentoo.org/glsa/202401-10 https://www.debian.org/security/2023/dsa-5581 https://www.debian.org/security/2023/dsa-5582 https://www.mozilla.org/security/advisories/mfsa2023-54 https://www.mozilla.org/security/advisories/mfsa2023-55 https://www.mozilla.org/security/advisories/mf • CWE-20: Improper Input Validation •