CVSS: 9.9EPSS: 2%CPEs: 1EXPL: 0CVE-2021-42952 – Zepl Notebook Sandbox Escape
https://notcve.org/view.php?id=CVE-2021-42952
17 Feb 2022 — Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. Todas las versiones anteriores al 25 de octubre de 2021 de Zepl Notebooks están afectadas por una vulnerabilidad de escape de sandbox. Al iniciar una ejecución de código remota des... • http://zepl.com •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25183 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25183
15 Feb 2022 — Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. Jenkins Pipeline: Shared Groovy Libraries Plugin versiones 552.vd9cc05b8a2e1 y anteriores, usan los nombres de l... • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2586 • CWE-179: Incorrect Behavior Order: Early Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25182 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25182
15 Feb 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. Una vulnerabilidad de omisión de sandbox en Jenkins Pipeline: Shared Groovy Libraries Plugin versiones 552.vd9cc05b8a2e1 y anteriores, permite a atacantes con permiso Item/Configure ej... • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422 • CWE-179: Incorrect Behavior Order: Early Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25181 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25181
15 Feb 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. Una vulnerabilidad de omisión de sandbox en Jenkins Pipeline: Shared Groovy Libraries Plugin versiones 552.vd9cc05b8a2e1 y anteriores, permite a atacantes con permiso Item/Configure ej... • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2441 • CWE-179: Incorrect Behavior Order: Early Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23555 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23555
11 Feb 2022 — The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. El paquete vm2 versiones anteriores a 3.9.6, es vulnerable a una Omisión de Sandbox por medio del acceso directo a los objetos de error del host generados por los internos del nodo durante la generación de un stacktrace, lo que puede conllevar a una ejecució... • https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d • CWE-562: Return of Stack Variable Address •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0097 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2022-0097
28 Jan 2022 — Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. Una implementación inapropiada en DevTools en Google Chrome versiones anteriores a 97.0.4692.71, permitía a un atacante que convencía a un usuario de instalar una extensión maliciosa permitir potencialmente que la extensión escapara del sandbox por medio d... • https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 1CVE-2022-0290 – Debian Security Advisory 5054-1
https://notcve.org/view.php?id=CVE-2022-0290
28 Jan 2022 — Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en Site isolation en Google Chrome versiones anteriores a 97.0.4692.99, permitía a un atacante remoto llevar a cabo un escape de sandbox por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code... • https://packetstorm.news/files/id/166080 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23035 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23035
25 Jan 2022 — Al mismo tiempo, los punteros pueden ser borrados (resultando en una desreferencia de NULL) y liberados (resultando en un uso de memoria previamente liberada), mientras que otro código continuaría asumiendo que son válidos Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2022/01/25/4 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23034 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23034
25 Jan 2022 — Se detecta un desbordamiento de los contadores, resultando en el desencadenamiento de una comprobación de errores del hipervisor Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2022/01/25/3 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23033 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23033
25 Jan 2022 — Por ejemplo, un huésped que emite una instrucción de mantenimiento de caché set/way, y luego llama a la hiperllamada XENMEM_decrease_reservation para devolver páginas de memoria a Xen, podría ser capaz de retener el acceso a esas páginas incluso después de que Xen empezara a reusarlas para otros propósitos Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). • http://www.openwall.com/lists/oss-security/2022/01/25/2 • CWE-404: Improper Resource Shutdown or Release •