Lucene search
+L

31 matches found

Veracode
Veracode
added 2023/04/18 10:11 a.m.36 views

Arbitrary Code Execution

vm2 is vulnerable to Arbitrary Code Execution. The vulnerability exists because the transformer function of transformer.js allows remote attackers to bypass handleException and leak unsanitized host exceptions to escape the sandbox and run arbitrary code in the host context...

10CVSS9.3AI score0.03852EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2023/04/17 10:15 p.m.24 views

CVE-2023-30547

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

10CVSS9.6AI score0.72087EPSS
Exploits5References4
Prion
Prion
added 2023/04/17 10:15 p.m.39 views

Code injection

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

7.5CVSS8.7AI score0.72087EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2023/04/17 9:42 p.m.35 views

CVE-2023-30547 Sandbox Escape in vm2

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

9.8CVSS9.2AI score0.72087EPSS
Exploits5References6
Prion
Prion
added 2023/04/14 7:15 p.m.26 views

Remote code execution

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

7.5CVSS9.7AI score0.03852EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/04/14 6:37 p.m.28 views

CVE-2023-29199 vm2 Sandbox escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

9.8CVSS9.6AI score0.03852EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/04/12 8:42 p.m.46 views

vm2 Sandbox Escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat...

10CVSS9.7AI score0.03852EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2019/10/28 12:37 p.m.29 views

CVE-2019-18466

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a...

5.8CVSS5.5AI score0.0149EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2015/09/03 6:14 p.m.5 views

spice: memory corruption in worker_update_monitors_config()

A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with th...

6.9CVSS7.4AI score0.01144EPSS
Exploits0References4
0day.today
0day.today
added 2015/08/27 12:0 a.m.245 views

QEMU Programmable Interrupt Timer Controller Heap Overflow Exploit

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=419c4 The programmable interrupt timer PIT controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing...

6.9CVSS0.2AI score0.01594EPSS
Exploits1
Exploit DB
Exploit DB
added 2015/08/27 12:0 a.m.53 views

QEMU - Programmable Interrupt Timer Controller Heap Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=419c4 The programmable interrupt timer PIT controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and heap-overflow...

7.4AI score
Exploits0
Rows per page
Query Builder