CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. Un atacante podría haber enviado un mensaje al proceso principal donde el contenido se usó para realizar un doble índice en un objeto JavaScript, lo que provocó la contaminación del prototipo y, en última instancia, la ejecución de JavaScript controlada por el atacante en el proceso principal privilegiado. Esta vulnerabilidad afecta a Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox para Android < 100.3.0 y Thunderbird < 91.9.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1529 https://bugzilla.redhat.com/show_bug.cgi?id=2089218 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-30945
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded this way and their methods executed. • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359 https://access.redhat.com/security/cve/CVE-2022-30945 https://bugzilla.redhat.com/show_bug.cgi?id=2119642 • CWE-693: Protection Mechanism Failure •
CVSS: 7.4EPSS: 0%CPEs: 90EXPL: 0CVE-2022-29586 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29586
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. ... Un atacante debe conectar un teclado a un puerto USB, presionar F12 y luego escapar del modo kiosco Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals •
CVSS: 4.7EPSS: 0%CPEs: 90EXPL: 1CVE-2022-29587 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29587
Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, presentan un navegador interno Chromium que es ejecutado con privilegios de acceso root (también se conoce como super usuario) Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 90EXPL: 0CVE-2022-29588 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29588
Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, usan el almacenamiento de contraseñas en texto sin cifrar para los archivos /var/log/nginx/html/ADMINPASS y /etc/shadow Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html https://sec-consult.com/vulnerability-lab • CWE-522: Insufficiently Protected Credentials •