CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 1

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine. • http://www.squirrel-lang.org/#download https://blog.sonarsource.com/squirrel-vm-sandbox-escape https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU • CWE-125: Out-of-bounds Read •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code. • https://github.com/ossf-cve-benchmark/CVE-2019-10761 https://github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90 https://github.com/patriksimek/vm2/issues/197 https://snyk.io/vuln/SNYK-JS-VM2-473188 • CWE-674: Uncontrolled Recursion •

CVSS: 9.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html https://crbug.com/1325298 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-25 • CWE-125: Out-of-bounds Read •

CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 0

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. • https://source.android.com/security/bulletin/2022-06-01 •

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html https://crbug.com/1324864 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •