CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2022-35978 – Lua sandbox escape from mod in Minetest
https://notcve.org/view.php?id=CVE-2022-35978
15 Aug 2022 — Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds. • https://github.com/CanVo/CVE-2022-35978-POC • CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26696 – Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26696
15 Aug 2022 — A sandboxed process may be able to circumvent sandbox restrictions. ... Un proceso en sandbox puede ser capaz de omitir las restricciones del sandbox This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS. • https://support.apple.com/en-us/HT213257 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20302
https://notcve.org/view.php?id=CVE-2022-20302
11 Aug 2022 — In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. ... User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-200746457 En Settings, se presenta una posible forma de omitir las protecciones de restablecimiento de fábrica debido a un escape de sandbox. • https://source.android.com/security/bulletin/android-13 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41556
https://notcve.org/view.php?id=CVE-2021-41556
28 Jul 2022 — If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. ... Si una víctima ejecuta un script de Squirrel controlado por un atacante, es posible que el atacante salga del sandbox del script de Squirrel incluso si toda la funcionalidad peligrosa, como las funciones del sistema de archivos, ha sido deshabilitada. • https://blog.sonarsource.com/squirrel-vm-sandbox-escape • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 2CVE-2019-10761 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2019-10761
13 Jul 2022 — This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code. Esto afecta al paquete vm2 versiones anteriores a 3.6.11. Es posible desencadenar una excepción RangeError desde el host y no desde el co... • https://github.com/ossf-cve-benchmark/CVE-2019-10761 • CWE-674: Uncontrolled Recursion •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2010 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2022-2010
28 Jun 2022 — Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una lectura fuera de límites en compositing Google Chrome versiones anteriores a 102.0.5005.115, permitía a un atacante remoto que hubiera comprometido el proceso de renderización llevar a cabo un escape del sandbox por medio de una página HTML diseñada The code in cc::PaintIm... • https://packetstorm.news/files/id/167719 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20125
https://notcve.org/view.php?id=CVE-2022-20125
15 Jun 2022 — In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. ... User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 En GBoard, se presenta una posible forma de omitir las protecciones de restablecimiento de fábrica debido a un escape del sandbox. • https://source.android.com/security/bulletin/2022-06-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1853 – Debian Security Advisory 5148-1
https://notcve.org/view.php?id=CVE-2022-1853
28 May 2022 — Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
24 May 2022 — This vulnerability allows local attackers to escape the sandbox on affected installations of Mozilla Firefox. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the privileged parent process. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-30945
17 May 2022 — Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. ... The intent is to allow Global Shared Libraries to execute without sandbox protection. ... If a suitable Groovy source file is available on the classpath of Jenkins, sandbox protections can be bypassed. • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-693: Protection Mechanism Failure •