CVE-2022-36067 – vm2 vulnerable to Sandbox Escape before v3.9.11
https://notcve.org/view.php?id=CVE-2022-36067
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.
• https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067
• https://github.com/0x1nsomnia/CVE-2022-36067-vm2-POC-webapp
• https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71
• https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164
• https://github.com/patriksimek/vm2/issues/467
• https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq
• https://security.netapp.com/advisory/ntap-20221017-0002
• https:/
• CWE-913: Improper Control of Dynamically-Managed Code Resources
CVE-2022-35978 – Lua sandbox escape from mod in Minetest
https://notcve.org/view.php?id=CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
• https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
• https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
• https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
• CWE-693: Protection Mechanism Failure
CVE-2022-26696 – Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26696
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
• https://support.apple.com/en-us/HT213257
CVE-2022-20302
https://notcve.org/view.php?id=CVE-2022-20302
In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape.
• https://source.android.com/security/bulletin/android-13
CVE-2021-41556
https://notcve.org/view.php?id=CVE-2021-41556
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
• http://www.squirrel-lang.org/#download
• https://blog.sonarsource.com/squirrel-vm-sandbox-escape
• https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU
• CWE-125: Out-of-bounds Read