Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:58 p.m.38 views

Security Bulletin: IBM Instana Observability for Synthetic PoP is affected by vulnerabilities in vm2

Summary Vulnerabilities in vm2 were addressed in IBM Observability with Instana for Synthetic PoP build 256 CVE-2023-37903, CVE-2023-37466 Vulnerability Details CVEID:CVE-2023-37903 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a...

10CVSS10AI score0.0279EPSS
Exploits5Affected Software1
GithubExploit
GithubExploit
added 2023/11/05 11:23 a.m.1224 views

Exploit for OS Command Injection in Vm2_Project Vm2

CVE-2023-37903 Expl...

10CVSS8.7AI score0.0279EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 4:26 p.m.72 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]

Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...

10CVSS8.5AI score0.0279EPSS
Exploits7Affected Software1
RedHat Linux
RedHat Linux
added 2023/09/05 3:51 p.m.44 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.7 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS7.2AI score0.0279EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/09/05 1:4 p.m.61 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.2AI score0.0279EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/08/30 2:17 p.m.40 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS7AI score0.0279EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2023/08/29 4:8 p.m.48 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.2AI score0.0279EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/08/15 3:12 p.m.51 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.7 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.7.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS7.2AI score0.0279EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2023/08/14 7:51 p.m.47 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.1AI score0.0279EPSS
Exploits1References4
CVE
CVE
added 2023/07/21 7:42 p.m.130 views

CVE-2023-37903

CVE-2023-37903 — vm2 (Node.js sandbox) Affected: vm2 versions up to and including 3.9.19, which is an open-source VM/sandbox for Node.js. Root cause: The library’s sandbox escape can be triggered via the Node.js custom inspect function, enabling an attacker to escape the sandbox and execute code ...

10CVSS9.9AI score0.0279EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/07/21 7:42 p.m.34 views

CVE-2023-37903 Sandbox Escape in vm2

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive insid...

9.8CVSS8.5AI score0.0279EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2023/07/14 12:0 a.m.34 views

vm2 Sandbox Escape Vulnerability (GHSA-cchq-frgv-rjh5)

vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...

7.5AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/07/13 5:1 p.m.8 views

2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4099 more potentially affected by CVE-2023-37903 via vm2 (>=1.0.1 <=3.9.19)

vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2023-37903 Source advisory: OSV:GHSA-G644-9GFX-Q4Q4...

10CVSS7.5AI score0.0279EPSS
Exploits1
Rows per page
Query Builder