335 matches found
CVE-2025-30259
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated wit...
Advisory ROSA-SA-2025-2762
Software: python-jinja2 2.7.2 OS: rosa-server79 packageevrstring: python-jinja2-2.7.2-4.0.1.res7 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the jinja html templating tool is related to the failure to neutralize special element...
ROS-20250121-09
Vulnerability of the compiler of the html-template tool jinja is related to the failure to neutralize the special controls when processing f-lines. Exploitation of the vulnerability could allow an attacker to bypass the sandbox protection mechanism, execute arbitrary code, or cause a denial of...
CVE-2024-52554
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override...
CVE-2024-52554
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override...
GHSA-JXR4-4PRV-MH83 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...
CVE-2023-42124
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on t...
CVE-2023-42125
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2023-42125 Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2023-42124
CVE-2023-42124 concerns Avast Premium Security. The flaw is in the sandbox feature’s implementation, caused by incorrect authorization, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code outside the sandbox, at medium integrity and high imp...
PT-2023-9237 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.2 Description: The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code o...
K22141757: Artifex Ghostscript vulnerabilities CVE-2018-18284, CVE-2018-15910, CVE-2018-15911, and CVE-2018-16513
Security Advisory Description CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVE-2018-15910 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a...
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
Code injection
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...