CVE-2022-23923 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2022-23923
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2441254 https://snyk.io/vuln/SNYK-JS-JAILED-2391490
CVE-2022-1312
https://notcve.org/view.php?id=CVE-2022-1312
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html https://crbug.com/1311701 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free
CVE-2022-1309
https://notcve.org/view.php?id=CVE-2022-1309
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html https://crbug.com/1106456 https://security.gentoo.org/glsa/202208-25 • CWE-863: Incorrect Authorization
CVE-2022-0790
https://notcve.org/view.php?id=CVE-2022-0790
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html https://crbug.com/1274077 https://security.gentoo.org/glsa/202208-25 • CWE-416: Use After Free
CVE-2022-24783 – Sandbox bypass leading to arbitrary code execution in Deno
https://notcve.org/view.php?id=CVE-2022-24783
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. • https://github.com/denoland/deno/security/advisories/GHSA-838h-jqp6-cf2f • CWE-269: Improper Privilege Management • CWE-863: Incorrect Authorization