Lucene search
K

335 matches found

Vulnrichment
Vulnrichment
added 2025/03/19 12:0 a.m.5 views

CVE-2025-30259

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated wit...

3.5CVSS4.1AI score0.00236EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2025/03/08 9:17 p.m.11 views

Advisory ROSA-SA-2025-2762

Software: python-jinja2 2.7.2 OS: rosa-server79 packageevrstring: python-jinja2-2.7.2-4.0.1.res7 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the jinja html templating tool is related to the failure to neutralize special element...

7.8CVSS8.1AI score0.005EPSS
Exploits0
Redos
Redos
added 2025/01/21 12:0 a.m.14 views

ROS-20250121-09

Vulnerability of the compiler of the html-template tool jinja is related to the failure to neutralize the special controls when processing f-lines. Exploitation of the vulnerability could allow an attacker to bypass the sandbox protection mechanism, execute arbitrary code, or cause a denial of...

8.8CVSS7.2AI score0.00979EPSS
Exploits0
NVD
NVD
added 2024/11/13 9:15 p.m.20 views

CVE-2024-52554

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override...

8.8CVSS0.00518EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/13 8:53 p.m.15 views

CVE-2024-52554

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override...

6.7AI score0.00518EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 3:32 p.m.16 views

GHSA-JXR4-4PRV-MH83 ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

7CVSS7.2AI score0.0042EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/07/01 3:32 p.m.10 views

ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS7.3AI score0.0042EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/07/01 3:15 p.m.42 views

CVE-2024-6376

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS0.0042EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 3:15 p.m.3 views

CVE-2024-6376

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2024/07/01 2:57 p.m.34 views

CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

7CVSS0.0042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/01 2:57 p.m.69 views

CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

7CVSS7.3AI score0.0042EPSS
Exploits0References1
MongoDB
MongoDB
added 2024/07/01 2:56 p.m.33 views

ejson shell parser in MongoDB Compass maybe bypassed

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS7.3AI score0.0042EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/03 3:15 a.m.27 views

CVE-2023-42124

Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on t...

7.8CVSS5.8AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.24 views

CVE-2023-42125

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS7.8AI score0.00396EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:13 a.m.33 views

CVE-2023-42125 Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS8AI score0.00396EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:13 a.m.65 views

CVE-2023-42124

CVE-2023-42124 concerns Avast Premium Security. The flaw is in the sandbox feature’s implementation, caused by incorrect authorization, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code outside the sandbox, at medium integrity and high imp...

7.8CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-9237 · Mongodb · Mongodb Compass

Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions prior to 1.42.2 Description: The issue is related to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling, which may allow attackers to execute malicious code o...

9.8CVSS7.9AI score0.0042EPSS
Exploits0References22
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.71 views

K22141757: Artifex Ghostscript vulnerabilities CVE-2018-18284, CVE-2018-15910, CVE-2018-15911, and CVE-2018-16513

Security Advisory Description CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVE-2018-15910 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a...

8.6CVSS7AI score0.16288EPSS
Exploits1
NVD
NVD
added 2023/02/15 2:15 p.m.43 views

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.7AI score0.01095EPSS
Exploits0References2
Prion
Prion
added 2023/02/15 2:15 p.m.31 views

Code injection

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

6.5CVSS9.7AI score0.01095EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder