PT-2025-50734

Name of the Vulnerable Software and Affected Versions Sandboxie versions 1.16.6 and below Description Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. The SYSTEM-level service SbieSvc.exe exposes the SbieIniServer::RC4Crypt function to...

CVE-2023-5369

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369 copy_file_range insufficient capability rights check

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

CVE-2023-5369 copy_file_range insufficient capability rights check

Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAPSEEK capability. This incorrect...

FreeBSD : FreeBSD -- copy_file_range insufficient capability rights check (e261e71c-6250-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e261e71c-6250-11ee-8e38-002590c1f29c advisory. - Before correction, the copyfilerange system call checked only for the CAPREAD and CAPWRITE capabiliti...

PT-2023-32072 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from an incorrect privilege check in the copy file range system call, which only verifies the CAP READ and CAP WRITE capabilities on the input and output file...

CVE-2023-32364

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2020-27935

Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions...

Debian DSA-4830-1 : flatpak - security update

Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. The Flatpak portal D-Bus service flatpak-portal, also known by its D-Bus service name org.freedesktop.portal.Flatpak allows apps in a...

Windows NTFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attack...

PT-2019-3037 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation of privilege vulnerability that exists when reparse points are created by sandboxed processes, allowing sandbox escape. This could enable an attacker to...

Google Enables 'Site Isolation' Feature By Default For Chrome Desktop Users

Google has by default enabled a security feature called "Site Isolation" in its web browser with the release of Chrome 67 for all desktop users to help them protect against many online threats, including Spectre and Meltdown attack. Site Isolation is a feature of the Google Chrome web browser tha...

Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

Binary data 800967.prm...

CVE-2012-2816

Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service process interference via unspecified vectors...

I Have Only One Security Prediction for 2010

Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. Since the release of Windows XP SP2, there have been significantl...

CVE-2007-1400

Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl...