- EPSS 0.11%
- Published 05.05.2026 20:16:38
- Last edited 07.05.2026 19:45:53
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan ...
CVE-2026-34527
- EPSS 0.09%
- Published 05.05.2026 20:16:37
- Last edited 08.05.2026 19:17:20
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead ...
CVE-2026-34464
- EPSS 0.17%
- Published 05.05.2026 20:16:37
- Last edited 07.05.2026 19:46:41
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat wi...
CVE-2026-34462
- EPSS 0.17%
- Published 05.05.2026 20:16:37
- Last edited 07.05.2026 19:47:30
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request str...
CVE-2026-34461
- EPSS 0.17%
- Published 05.05.2026 20:16:37
- Last edited 07.05.2026 19:47:45
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal s...
CVE-2026-34459
- EPSS 0.14%
- Published 05.05.2026 20:16:37
- Last edited 07.05.2026 19:48:32
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, ...
CVE-2026-34458
- EPSS 0.25%
- Published 05.05.2026 20:16:37
- Last edited 07.05.2026 19:48:58
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions (EditAdminOnly and ConfigPassword) and i...
CVE-2026-32603
- EPSS 0.15%
- Published 05.05.2026 20:16:35
- Last edited 07.05.2026 20:02:30
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can sen...
CVE-2019-25551
- EPSS 0.17%
- Published 21.03.2026 12:46:54
- Last edited 23.03.2026 17:06:40
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the...
CVE-2021-47831
- EPSS 0.33%
- Published 16.01.2026 19:16:08
- Last edited 15.04.2026 00:35:42
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder se...