CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1853 – Debian Security Advisory 5148-1
https://notcve.org/view.php?id=CVE-2022-1853
28 May 2022 — Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
24 May 2022 — An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. Un atacante podría haber enviado un mensaje al proceso principal donde el contenido se usó para realizar un doble índice en un objeto J... • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-30945
17 May 2022 — Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Sha... • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-693: Protection Mechanism Failure •
CVSS: 7.4EPSS: 0%CPEs: 90EXPL: 1CVE-2022-29586 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29586
13 May 2022 — Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. ... Un atacante debe conectar un teclado a un puerto USB, presionar F12 y luego escapar del modo kiosco Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals •
CVSS: 4.7EPSS: 0%CPEs: 90EXPL: 2CVE-2022-29587 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29587
13 May 2022 — Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, presentan un navegador interno Chromium que es ejecutado con privilegios de acceso root (también se conoce como super usuario) Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 90EXPL: 1CVE-2022-29588 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29588
13 May 2022 — Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, usan el almacenamiento de contraseñas en texto sin cifrar para los archivos /var/log/nginx/html/ADMINPASS y /etc/shadow Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://packetstorm.news/files/id/167166 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29911 – Mozilla: iframe Sandbox bypass
https://notcve.org/view.php?id=CVE-2022-29911
04 May 2022 — An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Una implementación incorrecta de la nueva palabra clave de iframe sandbox allow-top-navigation-by-user-activation podría provocar la ejecución del script sin que allow-scripts esté presente. Esta vulnerabi... • https://bugzilla.mozilla.org/show_bug.cgi?id=1761981 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-23923 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2022-23923
01 May 2022 — All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1309 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1309
28 Apr 2022 — Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1312 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1312
28 Apr 2022 — Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html • CWE-416: Use After Free •