CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-23682 – Artemis Java Test Sandbox Class Loading Escape
https://notcve.org/view.php?id=CVE-2024-23682
19 Jan 2024 — Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. ... Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares confía. • https://github.com/advisories/GHSA-227w-wv4j-67h4 • CWE-501: Trust Boundary Violation CWE-653: Improper Isolation or Compartmentalization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6135 – nss: vulnerable to Minerva side-channel information leak
https://notcve.org/view.php?id=CVE-2023-6135
19 Dec 2023 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1853908 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6864 – Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
https://notcve.org/view.php?id=CVE-2023-6864
19 Dec 2023 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1736385%2C1810805%2C1846328%2C1856090%2C1858033%2C1858509%2C1862089%2C1862777%2C1864015 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6861 – Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode
https://notcve.org/view.php?id=CVE-2023-6861
19 Dec 2023 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1864118 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6860 – Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation
https://notcve.org/view.php?id=CVE-2023-6860
19 Dec 2023 — This could be abused to escape the sandbox. ... Se podría abusar de esto para escapar de la sandbox. ... This could be abused to escape the sandbox. ... An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1854669 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-6857 – Mozilla: Symlinks may resolve to smaller than expected buffers
https://notcve.org/view.php?id=CVE-2023-6857
19 Dec 2023 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1796023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-363: Race Condition Enabling Link Following •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6856 – Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver
https://notcve.org/view.php?id=CVE-2023-6856
19 Dec 2023 — This issue could allow an attacker to perform remote code execution and sandbox escape. ... This issue could allow an attacker to perform remote code execution and sandbox escape. ... An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1843782 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44382 – October CMS safe mode bypass using Twig sandbox escape
https://notcve.org/view.php?id=CVE-2023-44382
01 Dec 2023 — An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. ... Un usuario backend autenticado con los permisos `editor.cms_pages`, `editor.cms_layouts` o `editor.cms_partials` a quien normalmente no se le permitiría proporcionar código P... • https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 17%CPEs: 7EXPL: 0CVE-2023-6345 – Google Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6345
29 Nov 2023 — Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) El desbordamiento de enteros en Skia en Google Chrome anterior a 119.0.6045.199 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a través de un archivo malicioso. ... Google C... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 1CVE-2023-5557 – Tracker-miners: sandbox escape
https://notcve.org/view.php?id=CVE-2023-5557
13 Oct 2023 — A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. ... Una debilidad en la sandbox permite que un archivo creado con fines malintencionados ejecute código fuera de la sandbox si el proceso de extracción del rastreador se ha visto comprometido primero por una vulnerabilidad separada. • https://access.redhat.com/errata/RHSA-2023:7712 • CWE-693: Protection Mechanism Failure •