Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

April 29, 2024 at 06:48AM

Multiple critical security flaws were disclosed in the Judge0 open-source online code execution system, posing a risk of code execution on the target system. The flaws allow a sandbox escape and obtaining root permissions. The vulnerabilities, with CVSS scores of 10.0 and 9.1, have been addressed in version 1.13.1 released …

Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

April 24, 2024 at 09:33AM

Security researchers and CrushFTP warn of a critical sandbox escape flaw (CVE-2024-4040) in version 11.1 of the multiprotocol, multiplatform, cloud-based file transfer server. The vulnerability has been actively exploited, potentially with political motivation, leading to intelligence-gathering attacks on US organizations. Publicly available exploit code raises high risks, urging immediate …

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

March 6, 2024 at 10:49AM

VMware released security updates addressing critical sandbox escape vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. The flaws, tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255, carry a severity rating and require local administrative privileges for exploitation. VMware recommends removing USB controllers from virtual machines as a mitigation strategy. Older ESXi …