CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26919
https://notcve.org/view.php?id=CVE-2023-26919
10 Apr 2023 — delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. • https://github.com/javadelight/delight-nashorn-sandbox/issues/135 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 59%CPEs: 1EXPL: 4CVE-2023-29017 – vm2 Sandbox Escape vulnerability
https://notcve.org/view.php?id=CVE-2023-29017
06 Apr 2023 — vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds. • https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017 • CWE-755: Improper Handling of Exceptional Conditions CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2022-27665
https://notcve.org/view.php?id=CVE-2022-27665
03 Apr 2023 — Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. • https://github.com/dievus/CVE-2022-27665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28101 – Flatpak metadata with ANSI control codes can cause misleading terminal output
https://notcve.org/view.php?id=CVE-2023-28101
16 Mar 2023 — .` Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. • https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28100 – TIOCLINUX can send commands outside sandbox if running on a virtual console
https://notcve.org/view.php?id=CVE-2023-28100
16 Mar 2023 — Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. • https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-28154 – webpack JS package <= 5.75.0 - Sandbox Bypass
https://notcve.org/view.php?id=CVE-2023-28154
13 Mar 2023 — The JS package webpack is vulnerable to Sandbox Bypass in versions up to, and including, 5.75.0 due to mishandling magic comments. • https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24422 – jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2023-24422
24 Jan 2023 — A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 14%CPEs: 1EXPL: 1CVE-2019-13768
https://notcve.org/view.php?id=CVE-2019-13768
02 Jan 2023 — Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4135 – Google Chromium GPU Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-4135
25 Nov 2022 — Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3890 – Debian Security Advisory 5275-1
https://notcve.org/view.php?id=CVE-2022-3890
09 Nov 2022 — Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •