
CVE-2022-0790 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-0790
28 Mar 2022 — Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2022-24783 – Sandbox bypass leading to arbitrary code execution in Deno
https://notcve.org/view.php?id=CVE-2022-24783
25 Mar 2022 — Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. • https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •

CVE-2021-3582 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3582
25 Mar 2022 — The greatest threat from this vulnerability is to system availability. Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • https://bugzilla.redhat.com/show_bug.cgi?id=1966266 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2021-23771 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23771
17 Mar 2022 — It is vulnerable to Sandbox Escape leading to Prototype pollution. • https://snyk.io/vuln/SNYK-JS-ARGENCODERSNOTEVIL-2388587 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2021-44964 – lua: use after free allows Sandbox Escape
https://notcve.org/view.php?id=CVE-2021-44964
14 Mar 2022 — Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. ... This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape. • https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability • CWE-416: Use After Free •

CVE-2022-26384 – Mozilla: iframe allow-scripts sandbox bypass
https://notcve.org/view.php?id=CVE-2022-26384
11 Mar 2022 — If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. • https://bugzilla.mozilla.org/show_bug.cgi?id=1744352 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2022-26486 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-26486
07 Mar 2022 — An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. ... An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. • https://bugzilla.mozilla.org/show_bug.cgi?id=1758070 • CWE-416: Use After Free •

CVE-2021-3607 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3607
24 Feb 2022 — The greatest threat from this vulnerability is to system availability. Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). • https://bugzilla.redhat.com/show_bug.cgi?id=1973349 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-0452 – Debian Security Advisory 5068-1
https://notcve.org/view.php?id=CVE-2022-0452
21 Feb 2022 — Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2022-0466 – Debian Security Advisory 5068-1
https://notcve.org/view.php?id=CVE-2022-0466
21 Feb 2022 — Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html •