Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.137 views

Node.js Module vm2 < 3.9.11 Sandbox Breakout

The version of the Node.js module vm2 installed on the remote host is prior to 3.9.11. It is, therefore affected by a sandbox breakout vulnerability. Untrusted code can break out of the sandbox created by the affected vm2 module and execute arbitrary code on the host system. Note that Nessus has...

10CVSS9.2AI score0.47868EPSS
Exploits2References3
The Hacker News
The Hacker News
added 2022/11/15 5:1 p.m.128 views

Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability CVSS score: 9.8, at its core, takes advantage of a critical sandbox escape in vm2...

10CVSS0.4AI score0.47868EPSS
Exploits2
GithubExploit
GithubExploit
added 2022/11/05 1:28 p.m.610 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Vm2_Project Vm2

Exploit-For-CVE-2022-36067 This repo contains payload for the...

10CVSS9.6AI score0.47868EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 5:7 p.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code execution due to [CVE-2022-36067]

Summary Node.js module vm2 is used by the Box connector in IBM App Connect Enterprise Certified Container IntegrationServer operands. IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code injection. This bulletin...

10CVSS9.7AI score0.47868EPSS
Exploits2Affected Software1
The Hacker News
The Hacker News
added 2022/10/11 11:28 a.m.171 views

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host...

10CVSS1.5AI score0.47868EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/09/12 9:10 p.m.50 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.1 security update and bug fixes

Multicluster Engine for Kubernetes 2.1.1 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.6AI score0.47868EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2022/09/12 9:10 p.m.71 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes

Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7AI score0.47868EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2022/09/06 12:0 a.m.4 views

CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...

10CVSS10AI score0.47868EPSS
Exploits2References6
Cvelist
Cvelist
added 2022/09/06 12:0 a.m.26 views

CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...

10CVSS10AI score0.47868EPSS
Exploits2References6
CVE
CVE
added 2022/09/06 12:0 a.m.316 views

CVE-2022-36067

CVE-2022-36067 (vm2) is a Node.js sandbox vulnerability in the vm2 library. In versions prior to 3.9.11, the sandbox protections can be bypassed, allowing a threat actor to gain remote code execution on the host running the sandbox. The issue has been fixed in vm2 3.9.11. The Initial Description ...

10CVSS10AI score0.47868EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2022/09/06 12:0 a.m.27 views

CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...

10CVSS9.9AI score0.47868EPSS
Exploits2References8
Rows per page
Query Builder