CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-42947
https://notcve.org/view.php?id=CVE-2023-42947
28 Mar 2024 — An app may be able to break out of its sandbox. • https://support.apple.com/en-us/HT214035 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-29944 – Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-29944
22 Mar 2024 — This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the current user at medium integrity. • http://www.openwall.com/lists/oss-security/2024/03/23/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-830: Inclusion of Web Functionality from an Untrusted Source •
CVSS: 9.0EPSS: 57%CPEs: 1EXPL: 5CVE-2024-28116 – Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
https://notcve.org/view.php?id=CVE-2024-28116
21 Mar 2024 — Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. • https://packetstorm.news/files/id/182033 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27102 – Improper isolation of server file access in github.com/pterodactyl/wings
https://notcve.org/view.php?id=CVE-2024-27102
13 Mar 2024 — The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. • https://github.com/pterodactyl/wings/commit/d1c0ca526007113a0f74f56eba99511b4e989287 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-363: Race Condition Enabling Link Following •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27297 – Nix Corruption of fixed-output derivations
https://notcve.org/view.php?id=CVE-2024-27297
11 Mar 2024 — It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass. • https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-23278 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23278
08 Mar 2024 — An app may be able to break out of its sandbox. ... Es posible que una aplicación pueda salir de su zona de pruebas. macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0258 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-0258
08 Mar 2024 — An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. ... Es posible que una aplicación pueda ejecutar código arbitrario fuera de su zona de pruebas o con ciertos privilegios elevados. macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23246 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23246
08 Mar 2024 — An app may be able to break out of its sandbox. ... Es posible que una aplicación pueda salir de su zona de pruebas. macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 88%CPEs: 2EXPL: 2CVE-2023-50386 – Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
https://notcve.org/view.php?id=CVE-2023-50386
09 Feb 2024 — Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution. • https://packetstorm.news/files/id/178255 • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. ... An attacker could possibly use this issue to bypass Java sandbox restrictions. • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •