1035 results (0.159 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

04 Mar 2025 — This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. ... This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902309 • CWE-416: Use After Free •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

06 Feb 2025 — Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. • https://cloud.google.com/application-integration/docs/release-notes#January_23_2025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

27 Jan 2025 — An access issue was addressed with additional sandbox restrictions. ... An app may be able to bypass Privacy preferences. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 • CWE-862: Missing Authorization •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

27 Jan 2025 — An app may be able to read files outside of its sandbox. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

27 Jan 2025 — An access issue was addressed with additional sandbox restrictions. ... An app may be able to access protected user data. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

24 Jan 2025 — Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. • https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507 • CWE-134: Use of Externally-Controlled Format String CWE-749: Exposed Dangerous Method or Function •

CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0

11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121837 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

11 Dec 2024 — MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. • https://packetstorm.news/files/id/188787 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://github.com/wh1te4ever/CVE-2024-54498-PoC •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

11 Dec 2024 — Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •