CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7520 – mozilla: Type confusion in WebAssembly
https://notcve.org/view.php?id=CVE-2024-7520
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1903041 •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-7519 – mozilla: Out of bounds memory access in graphics shared memory handling
https://notcve.org/view.php?id=CVE-2024-7519
06 Aug 2024 — This could be leveraged by an attacker to perform a sandbox escape. ... This could be leveraged by an attacker to perform a sandbox escape. ... This could be leveraged by an attacker to perform a sandbox escape. ... An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902307 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-7518 – mozilla: Fullscreen notification dialog can be obscured by document content
https://notcve.org/view.php?id=CVE-2024-7518
06 Aug 2024 — An attacker could potentially exploit this issue to escape the sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1875354 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29069 – snapd will follow archived symlinks when unpacking a filesystem
https://notcve.org/view.php?id=CVE-2024-29069
25 Jul 2024 — An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. • https://github.com/snapcore/snapd/pull/13682 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29068 – snapd non-regular file indefinite blocking read
https://notcve.org/view.php?id=CVE-2024-29068
25 Jul 2024 — An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. • https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1724 – snapd allows $HOME/bin symlink
https://notcve.org/view.php?id=CVE-2024-1724
25 Jul 2024 — In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. ... An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by th... • https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7012
https://notcve.org/view.php?id=CVE-2023-7012
16 Jul 2024 — Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4860
https://notcve.org/view.php?id=CVE-2023-4860
16 Jul 2024 — Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25154
https://notcve.org/view.php?id=CVE-2019-25154
16 Jul 2024 — Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6779 – Debian Security Advisory 5732-1
https://notcve.org/view.php?id=CVE-2024-6779
16 Jul 2024 — Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html •