102 matches found
CVE-2021-45464
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...
CVE-2021-45464
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...
Cross site scripting
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...
CVE-2021-45464
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...
CVE-2021-45464
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine...
Apache Spark < 2.4.6 RCE (CVE-2020-9480)
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
Dolibarr ERP and CRM Code Injection
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
Information disclosure
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
CVE-2022-20779
Cisco NFVIS (Cisco Enterprise NFV Infrastructure Software) has CVE-2022-20779 and related vulnerabilities allowing an attacker to escape a guest VM to the host, inject root-level commands during image registration, or leak host data to VMs. Affected component is the NFVIS image/registration pathw...
CVE-2022-20779 Cisco Enterprise NFV Infrastructure Software Vulnerabilities
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an attacker to escape from the guest virtual machine VM to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these...
Malicious Package
Overview zureexplorer2 is a malicious package. The package enumerates and exfiltrates sensitive information from the host machine. Remediation Avoid using all malicious instances of the zureexplorer2 package. Credit: Snyk Research Team...
Malicious Package
Overview omniprotocol is a malicious package. The package enumerates and exfiltrates sensitive information from the host machine. Remediation Avoid using all malicious instances of the omniprotocol package. Credit: Snyk Research Team...
CVE-2021-23555
A flaw was found in vm2, where the sandbox can be bypassed via direct access to host error objects generated by node internals during the generation of stack traces. This flaw allows an attacker to execute arbitrary code on the host machine...
Sandbox bypass in vm2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...
CVE-2021-23555
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...
CVE-2021-23555
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...
CVE-2021-23555
The CVE-2021-23555 entry concerns the Node.js vm2 sandbox module (pre-3.9.6) allowing a sandbox bypass via direct access to host error objects generated during stack-trace creation, enabling possible remote arbitrary code execution. Concrete details across connected docs indicate this affects vm2...
py39-unicorn -- sandbox escape and arbitrary code execution vulnerability
jwang-a reports: An issue was discovered in splitregion in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw...
Remote code execution
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...
GHSA-RJF2-J2R6-Q8GR Prototype Pollution in vm2
This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine...