1027 results (0.204 seconds)

CVSS: 8.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121837 •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://github.com/wh1te4ever/CVE-2024-54498-PoC •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

09 Dec 2024 — Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allows users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. ... The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in v... • https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22 • CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Dec 2024 — In JetBrains YouTrack before 2024.3.51866, system takeover was possible through path traversal in the plugin sandbox. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal

CVSS: 9.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Nov 2024 — An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' fil... • https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Nov 2024 — Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html •

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Nov 2024 — The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so on. Untrusted filesystem paths could bypass the sandbox and ... • https://en.wikipedia.org/wiki/ISO/IEC_8859-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Nov 2024 — Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through the... • https://en.wikipedia.org/wiki/ISO/IEC_8859-1 • CWE-67: Improper Handling of Windows Device Names CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 8.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

31 Oct 2024 — On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. ... The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. • https://github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74 • CWE-693: Protection Mechanism Failure •