CVE-2022-20125
https://notcve.org/view.php?id=CVE-2022-20125
In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. ... User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 En GBoard, se presenta una posible forma de omitir las protecciones de restablecimiento de fábrica debido a un escape del sandbox. • https://source.android.com/security/bulletin/2022-06-01 •
CVE-2022-1853
https://notcve.org/view.php?id=CVE-2022-1853
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html https://crbug.com/1324864 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free •
CVE-2022-1529 – Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-1529
This vulnerability allows local attackers to escape the sandbox on affected installations of Mozilla Firefox. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the privileged parent process. • https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 https://www.mozilla.org/security/advisories/mfsa2022-19 https://access.redhat.com/security/cve/CVE-2022-1529 https://bugzilla.redhat.com/show_bug.cgi?id=2089218 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2022-30945 – plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin
https://notcve.org/view.php?id=CVE-2022-30945
Jenkins Pipeline: Groovy Plugin versiones 2689.v434009a_31b_f1 y anteriores, permite cargar cualquier archivo fuente Groovy en el classpath de Jenkins y de los plugins de Jenkins en pipelines de sandbox A flaw was found in Jenkins Groovy Plugin. ... The intent is to allow Global Shared Libraries to execute without sandbox protection. ... If a suitable Groovy source file is available on the classpath of Jenkins, sandbox protections can be bypassed. • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359 https://access.redhat.com/security/cve/CVE-2022-30945 https://bugzilla.redhat.com/show_bug.cgi?id=2119642 • CWE-693: Protection Mechanism Failure •
CVE-2022-29586 – Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
https://notcve.org/view.php?id=CVE-2022-29586
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. Los dispositivos bizhub MFP de Konica Minolta versiones anteriores a 14-04-2022, permiten un Escape de Sandbox. Un atacante debe conectar un teclado a un puerto USB, presionar F12 y luego escapar del modo kiosco Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities. • https://sec-consult.com/vulnerability-lab https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-access-clear-text-passwords-in-konica-minolta-bizhub-mfp-printer-terminals •