Lucene search
K

102 matches found

NVD
NVD
added 2023/04/15 11:15 p.m.30 views

CVE-2021-45464

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...

8.8CVSS9AI score0.00382EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2023/04/15 11:15 p.m.27 views

CVE-2021-45464

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...

8.8CVSS7.3AI score0.00382EPSS
Exploits1References3
Prion
Prion
added 2023/04/15 11:15 p.m.18 views

Cross site scripting

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...

4.3CVSS8.9AI score0.00382EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/04/15 12:0 a.m.32 views

CVE-2021-45464

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...

9.1AI score0.00382EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/04/15 12:0 a.m.4 views

CVE-2021-45464

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...

8.9AI score0.00382EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/03/10 12:0 a.m.55 views

Apache Spark < 2.4.6 RCE (CVE-2020-9480)

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS7.7AI score0.29157EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.22 views

Dolibarr ERP and CRM Code Injection

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

8.5CVSS7.6AI score0.02236EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2022/05/04 5:15 p.m.17 views

Information disclosure

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

4.3CVSS7.6AI score0.10922EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/04 5:5 p.m.171 views

CVE-2022-20779

Cisco NFVIS (Cisco Enterprise NFV Infrastructure Software) has CVE-2022-20779 and related vulnerabilities allowing an attacker to escape a guest VM to the host, inject root-level commands during image registration, or leak host data to VMs. Affected component is the NFVIS image/registration pathw...

9.9CVSS9AI score0.10173EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/04 5:5 p.m.13 views

CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...

9.9CVSS7.2AI score0.10173EPSS
Exploits1References2
Snyk
Snyk
added 2022/04/06 10:40 a.m.3 views

Malicious Package

Overview zureexplorer2 is a malicious package. The package enumerates and exfiltrates sensitive information from the host machine. Remediation Avoid using all malicious instances of the zureexplorer2 package. Credit: Snyk Research Team...

9.8CVSS6.6AI score
Exploits0References2
Snyk
Snyk
added 2022/04/06 10:31 a.m.2 views

Malicious Package

Overview omniprotocol is a malicious package. The package enumerates and exfiltrates sensitive information from the host machine. Remediation Avoid using all malicious instances of the omniprotocol package. Credit: Snyk Research Team...

9.8CVSS6.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/02/14 9:55 a.m.32 views

CVE-2021-23555

A flaw was found in vm2, where the sandbox can be bypassed via direct access to host error objects generated by node internals during the generation of stack traces. This flaw allows an attacker to execute arbitrary code on the host machine...

10CVSS4.6AI score0.02876EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/02/12 12:0 a.m.98 views

Sandbox bypass in vm2

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

10CVSS3.7AI score0.02876EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/11 8:15 p.m.25 views

CVE-2021-23555

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

9.8CVSS9.6AI score
Exploits0References2
NVD
NVD
added 2022/02/11 8:15 p.m.43 views

CVE-2021-23555

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

10CVSS0.02876EPSS
Exploits1References2
CVE
CVE
added 2022/02/11 8:0 p.m.133 views

CVE-2021-23555

The CVE-2021-23555 entry concerns the Node.js vm2 sandbox module (pre-3.9.6) allowing a sandbox bypass via direct access to host error objects generated during stack-trace creation, enabling possible remote arbitrary code execution. Concrete details across connected docs indicate this affects vm2...

10CVSS9.6AI score0.02876EPSS
Exploits1References2Affected Software1
FreeBSD
FreeBSD
added 2021/12/26 12:0 a.m.13 views

py39-unicorn -- sandbox escape and arbitrary code execution vulnerability

jwang-a reports: An issue was discovered in splitregion in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw...

8.1CVSS8.2AI score0.00528EPSS
Exploits0References1
Prion
Prion
added 2021/11/11 10:15 p.m.15 views

Remote code execution

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

7.5CVSS9.6AI score0.04065EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2021/10/19 3:28 p.m.7 views

GHSA-RJF2-J2R6-Q8GR Prototype Pollution in vm2

This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine...

9.8CVSS7.6AI score0.03476EPSS
Exploits1References7
Rows per page
Query Builder