CVE-2024-29944 – Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-29944
This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the current user at medium integrity. • http://www.openwall.com/lists/oss-security/2024/03/23/1 https://bugzilla.mozilla.org/show_bug.cgi?id=1886852 https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html https://www.mozilla.org/security/advisories/mfsa2024-15 https://www.mozilla.org/security/advisories/mfsa2024-16 https://access.redhat.com/security/cve/CVE-2024-29944 https://bugzilla.redhat.com/show_bug.cgi?id=2271064 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-28116 – Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
https://notcve.org/view.php?id=CVE-2024-28116
Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. • https://github.com/geniuszlyy/GenGravSSTIExploit https://github.com/akabe1/Graver https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-22254 – Out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-22254
A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. ... Un actor malicioso con privilegios dentro del proceso VMX puede desencadenar una escritura fuera de los límites que conduzca a un escape del entorno limitado. • https://www.vmware.com/security/advisories/VMSA-2024-0006.html • CWE-787: Out-of-bounds Write •
CVE-2024-23681 – Artemis Java Test Sandbox Libary Load Escape
https://notcve.org/view.php?id=CVE-2024-23681
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. ... Las versiones de Artemis Java Test Sandbox anteriores a 1.11.2 son vulnerables a un escape de la sandbox cuando un atacante carga librerías que no son de confianza utilizando System.load o System.loadLibrary. • https://github.com/advisories/GHSA-98hq-4wmw-98w9 https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9 https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9 • CWE-284: Improper Access Control •
CVE-2024-23683 – Artemis Java Test Sandbox InvocationTargetException Subclass Escape
https://notcve.org/view.php?id=CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. ... Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. • https://github.com/advisories/GHSA-883x-6fch-6wjx https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392 https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371 https://github.com/ls1intum/Ares/releases/tag/1.7.6 https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx •