
CVE-2022-0466 – Debian Security Advisory 5068-1
https://notcve.org/view.php?id=CVE-2022-0466
21 Feb 2022 — Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html •

CVE-2022-0543 – Debian-specific Redis Server Lua Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-0543
18 Feb 2022 — It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Reginaldo Silva discovered that due to a packaging issue, a remo... • http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html • CWE-862: Missing Authorization •

CVE-2021-3947 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3947
18 Feb 2022 — A malicious user could use this flaw, leading to a disclosure of confidential information. Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=2021869 • CWE-125: Out-of-bounds Read •

CVE-2021-42952 – Zepl Notebook Sandbox Escape
https://notcve.org/view.php?id=CVE-2021-42952
17 Feb 2022 — Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. • http://zepl.com •

CVE-2022-25183 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25183
15 Feb 2022 — Issues addressed include bypass and denial of service vulnerabilities. • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2586 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2022-25182 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25182
15 Feb 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2022-25181 – workflow-cps-global-lib: Sandbox bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-25181
15 Feb 2022 — A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2441 • CWE-179: Incorrect Behavior Order: Early Validation •

CVE-2022-22759 – Mozilla: Sandboxed iframes could have executed script if the parent appended elements
https://notcve.org/view.php?id=CVE-2022-22759
14 Feb 2022 — If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1739957 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVE-2021-23555 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23555
11 Feb 2022 — The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktrace, which can lead to execution of arbitrary code on the host machine. • https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d • CWE-562: Return of Stack Variable Address •

CVE-2022-0290 – Debian Security Advisory 5054-1
https://notcve.org/view.php?id=CVE-2022-0290
28 Jan 2022 — Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code... • https://packetstorm.news/files/id/166080 • CWE-416: Use After Free •