CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20125
https://notcve.org/view.php?id=CVE-2022-20125
15 Jun 2022 — In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 En GBoard, se presenta una posible forma de omitir las protecciones de restablecimiento de fábrica ... • https://source.android.com/security/bulletin/2022-06-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1853 – Debian Security Advisory 5148-1
https://notcve.org/view.php?id=CVE-2022-1853
28 May 2022 — Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
24 May 2022 — This vulnerability allows local attackers to escape the sandbox on affected installations of Mozilla Firefox. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the privileged parent process. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-30945
17 May 2022 — Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. ... The intent is to allow Global Shared Libraries to execute without sandbox protection. ... If a suitable Groovy source file is available on the classpath of Jenkins, sandbox protections can be bypassed. ... Issues addressed include bypass<... • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-693: Protection Mechanism Failure •
CVSS: 7.4EPSS: 0%CPEs: 90EXPL: 1CVE-2022-29586 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29586
13 May 2022 — Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, permiten un Escape de Sandbox. Un atacante debe conectar un teclado a un puerto USB, presionar F12 y luego escapar del modo kiosco Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape
CVSS: 4.7EPSS: 0%CPEs: 90EXPL: 2CVE-2022-29587 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29587
13 May 2022 — Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, presentan un navegador interno Chromium que es ejecutado con privilegios de acceso root (también se conoce como super usuario) Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 90EXPL: 1CVE-2022-29588 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29588
13 May 2022 — Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, usan el almacenamiento de contraseñas en texto sin cifrar para los archivos /var/log/nginx/html/ADMINPASS y /etc/shadow Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29911 – Mozilla: iframe Sandbox bypass
https://notcve.org/view.php?id=CVE-2022-29911
04 May 2022 — An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. ... Una implementación incorrecta de la nueva palabra clave de iframe sandbox allow-top-navigation-by-user-activation podría provocar la ejecución del script sin que allow-scripts esté presente. ... The Mozilla Foundation Security Advisory describes the issue of Firefox not pr... • https://bugzilla.mozilla.org/show_bug.cgi?id=1761981 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-23923 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2022-23923
01 May 2022 — All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. ... Todas las versiones del paquete jailed son vulnerables a una omisión de Sandbox por medio de un método exportado alert() que puede acceder a la aplicación principal. • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1309 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-1309
28 Apr 2022 — Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Una aplicación insuficiente de políticas en developer tools de Google Chrome versiones anteriores a 100.0.4896.88, permitía a un atacante remoto llevar a cabo un filtrado de sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the wors... • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html • CWE-863: Incorrect Authorization •