CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41556
https://notcve.org/view.php?id=CVE-2021-41556
If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. ... Si una víctima ejecuta un script de Squirrel controlado por un atacante, es posible que el atacante salga del sandbox del script de Squirrel incluso si toda la funcionalidad peligrosa, como las funciones del sistema de archivos, ha sido deshabilitada. • http://www.squirrel-lang.org/#download https://blog.sonarsource.com/squirrel-vm-sandbox-escape https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 2CVE-2019-10761 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2019-10761
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code. Esto afecta al paquete vm2 versiones anteriores a 3.6.11. Es posible desencadenar una excepción RangeError desde el host y no desde el contexto "sandboxed" alcanzando el límite de llamadas de la pila con una recursión infinita. • https://github.com/ossf-cve-benchmark/CVE-2019-10761 https://github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90 https://github.com/patriksimek/vm2/issues/197 https://snyk.io/vuln/SNYK-JS-VM2-473188 • CWE-674: Uncontrolled Recursion •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2010 – Chrome PaintImage Deserialization Out-Of-Bounds Read
https://notcve.org/view.php?id=CVE-2022-2010
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una lectura fuera de límites en compositing Google Chrome versiones anteriores a 102.0.5005.115, permitía a un atacante remoto que hubiera comprometido el proceso de renderización llevar a cabo un escape del sandbox por medio de una página HTML diseñada The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data. • https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html https://crbug.com/1325298 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-25 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20125
https://notcve.org/view.php?id=CVE-2022-20125
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 En GBoard, se presenta una posible forma de omitir las protecciones de restablecimiento de fábrica debido a un escape del sandbox. • https://source.android.com/security/bulletin/2022-06-01 •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1853
https://notcve.org/view.php?id=CVE-2022-1853
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html https://crbug.com/1324864 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •