Vulmon
sandstorm sandstorm vulnerabilities and exploits
7.5
CVSSv2
CVE-2017-6199
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
Sandstorm Sandstorm
5.5
CVSSv2
CVE-2017-6201
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly...
Sandstorm Sandstorm
6.8
CVSSv2
CVE-2017-6198
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote malicious users to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.
Sandstorm Sandstorm
4
CVSSv2
CVE-2017-6200
Sandstorm before build 0.203 allows remote malicious users to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
Sandstorm Sandstorm
7.8
CVSSv2
CVE-2015-2312
Sandstorm Cap'n Proto prior to 0.4.1.1 and 0.5.x prior to 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.
Capnproto Capnproto
Capnproto Capnproto 0.5.0.0
Capnproto Capnproto 0.5.1.0
7.5
CVSSv2
CVE-2015-2311
Integer underflow in Sandstorm Cap'n Proto prior to 0.4.1.1 and 0.5.x prior to 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.
Capnproto Capnproto 0.5.0.0
Capnproto Capnproto 0.5.1.0
Capnproto Capnproto
6.4
CVSSv2
CVE-2015-2310
Integer overflow in layout.c++ in Sandstorm Cap'n Proto prior to 0.4.1.1 and 0.5.x prior to 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.
Capnproto Capnproto
7.8
CVSSv2
CVE-2015-2313
Sandstorm Cap'n Proto prior to 0.4.1.1 and 0.5.x prior to 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loo...
Capnproto Capnproto 0.5.1.1
Capnproto Capnproto 0.5.0.0
Capnproto Capnproto
Capnproto Capnproto 0.5.1.0
5
CVSSv2
CVE-2017-7892
Sandstorm Cap'n Proto prior to 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler wi...
Capnproto Capnproto
2 Github repositories
2.1
CVSSv2
CVE-2019-14337
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14