17 matches found

NVD
added 2026/06/17 5:16 p.m., 12 views

CVE-2025-71323

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

9.8 CVSS, 0.00757 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-16904

Malware in sbrugna...

5.3 CVSS, 7.3 AI score, 0.01578 EPSS
Exploits 0, References 8

RedhatCVE
added 2023/05/18 7:16 p.m., 70 views

CVE-2023-32314

A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. This may allow an attacker to run remote code execution on the host running the sandbox. This vulnerability impacts the confidentiality, integrit...

9.8 CVSS, 7.7 AI score, 0.05642 EPSS
Exploits 1, References 4

The Hacker News
added 2023/04/19 4:53 a.m., 98 views

Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring...

10 CVSS, 10.2 AI score, 0.72087 EPSS
Exploits 9

RedhatCVE
added 2023/04/18 7:33 a.m., 94 views

CVE-2023-30547

A flaw was found in the vm2 sandbox. When exception handling is triggered, an unsanitized host is not managed properly. This issue may allow an attacker to bypass the sandbox protections, which can lead to remote code execution on the hypervisor host or the host that is running the sandbox...

9.8 CVSS, 9.4 AI score, 0.72087 EPSS
Exploits 5, References 4

Prion
added 2023/04/14 7:15 p.m., 26 views

Remote code execution

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

7.5 CVSS, 9.7 AI score, 0.03852 EPSS
Exploits 1, References 5, Affected Software 1

Veracode
added 2023/04/11 2:50 a.m., 28 views

Arbitrary Code Execution

vm2 is vulnerable to Arbitrary Code Execution. The vulnerability exists because the newWrapped function of setup-sandbox.js does not properly handle host objects passed to Error.prepareStackTrace in case of unhandled async errors, which allows an attacker to bypass the sandbox protections and...

10 CVSS, 9.3 AI score, 0.63186 EPSS
Exploits 1, References 4, Affected Software 1

SUSE CVE
added 2023/02/15 5:27 a.m., 4 views

SUSE CVE-2014-5206

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...

7.2 CVSS, 6.5 AI score, 0.00368 EPSS
Exploits 0, References 4

Veracode
added 2022/09/07 4:57 a.m., 39 views

Remote Code Execution (RCE)

vm2 is vulnerable to remote code execution. The vulnerability exists in the Object.defineProperties function of setup-sandbox.js, allowing an attacker to bypass the sandbox protections by injecting and executing malicious code on the sandbox host...

10 CVSS, 9.4 AI score, 0.47868 EPSS
Exploits 2, References 8, Affected Software 1

RedHat Linux
added 2022/06/01 8:47 p.m., 89 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

8.8 CVSS, 7.1 AI score, 0.12403 EPSS
Exploits 0, References 6

Debian CVE
added 2019/04/26 4:13 p.m., 24 views

CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

7.5 CVSS, 8.7 AI score, 0.01127 EPSS
Exploits 0

Cvelist
added 2019/04/26 4:13 p.m., 23 views

CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

7.8 AI score, 0.01127 EPSS
Exploits 0, References 2

Mozilla
added 2019/03/19 12:0 a.m., 169 views

Security vulnerabilities fixed in Firefox 66 — Mozilla

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. The type inference system allows the compilation of functions that can cause typ...

9.8 CVSS, 0.19762 EPSS
Exploits 11, References 24, Affected Software 1

Prion
added 2018/06/11 9:29 p.m., 13 views

Code injection

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

5 CVSS, 6.2 AI score, 0.01578 EPSS
Exploits 0, References 5, Affected Software 2

Tenable Nessus
added 2018/01/25 12:0 a.m., 34 views

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3544-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3544-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

10 CVSS, 7.8 AI score, 0.20024 EPSS
Exploits 0, References 31

Ubuntu
added 2018/01/24 8:27 p.m., 65 views

USN-3544-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user into providing HTTP...

10 CVSS, 7.7 AI score, 0.20024 EPSS
Exploits 0

ThreatPost
added 2014/01/15 11:28 a.m., 10 views

Oracle Patches 36 Java Flaws in January 2014 CPU

All has been relatively quiet of late on the Java security front, which is in stark contrast to a year ago when Java was the scourge of the Internet. Vulnerabilities in Java were being exploited at an alarming rate in a number of targeted attacks including watering hole attacks against prominent...

0.1 AI score
Exploits 0, References 5