CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28101 – Flatpak metadata with ANSI control codes can cause misleading terminal output
https://notcve.org/view.php?id=CVE-2023-28101
16 Mar 2023 — .` Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. • https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28100 – TIOCLINUX can send commands outside sandbox if running on a virtual console
https://notcve.org/view.php?id=CVE-2023-28100
16 Mar 2023 — Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. • https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-28154 – webpack JS package <= 5.75.0 - Sandbox Bypass
https://notcve.org/view.php?id=CVE-2023-28154
13 Mar 2023 — The JS package webpack is vulnerable to Sandbox Bypass in versions up to, and including, 5.75.0 due to mishandling magic comments. • https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24422 – jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
https://notcve.org/view.php?id=CVE-2023-24422
24 Jan 2023 — A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 14%CPEs: 1EXPL: 1CVE-2019-13768
https://notcve.org/view.php?id=CVE-2019-13768
02 Jan 2023 — Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4135 – Google Chromium GPU Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-4135
25 Nov 2022 — Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3890 – Debian Security Advisory 5275-1
https://notcve.org/view.php?id=CVE-2022-3890
09 Nov 2022 — Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43401 – jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
https://notcve.org/view.php?id=CVE-2022-43401
19 Oct 2022 — Una vulnerabilidad de omisión del sandbox que involucra varios moldes llevados a cabo implícitamente por el tiempo de ejecución del lenguaje Groovy en Jenkins Script Security Plugin versiones 1183.v774b_0b_0a_a_451 y anteriores, permite a atacantes con permiso para definir y ejecutar scripts en sandbox, incluyendo Pipelines, omitir la protección del sandbox y ejecutar código arbitrario en el contexto de la JVM del controlador de Jenkins A sandbox bypass vulnerability was found in several Jenkins plug... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43402 – jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-43402
19 Oct 2022 — Una vulnerabilidad de omisión del sandbox que involucra varios lanzamientos llevados a cabo implícitamente por el tiempo de ejecución del lenguaje Groovy en Jenkins Pipeline: Groovy Plugin versiones 2802.v5ea_628154b_c2 y anteriores, permite a atacantes con permiso para definir y ejecutar scripts con sandbox, incluyendo Pipelines, omitir la protección del sandbox y ejecutar código arbitrario en el contexto de la JVM del controlador de Jenkins A sandbox bypass vulnerability was found in several Jenkin... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43403 – jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
https://notcve.org/view.php?id=CVE-2022-43403
19 Oct 2022 — A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión del sandbox que involucra la fundición de un valor de tipo array a un tipo de array en Jenkins Script Security Plugin versi... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-693: Protection Mechanism Failure •