Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virtualization host vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24539
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if exe...
Golang Go
1 Github repository
NA
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during exe...
Golang Go
3 Github repositories
NA
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Golang Go
1 Github repository
NA
CVE-2021-26406
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
Amd Epyc 7232p Firmware Romepi 1.0.0.a
Amd Epyc 7252 Firmware Romepi 1.0.0.a
Amd Epyc 7262 Firmware Romepi 1.0.0.a
Amd Epyc 7272 Firmware Romepi 1.0.0.a
Amd Epyc 7282 Firmware Romepi 1.0.0.a
Amd Epyc 7302 Firmware Romepi 1.0.0.a
Amd Epyc 7302p Firmware Romepi 1.0.0.a
Amd Epyc 7352 Firmware Romepi 1.0.0.a
Amd Epyc 7402 Firmware Romepi 1.0.0.a
Amd Epyc 7402p Firmware Romepi 1.0.0.a
Amd Epyc 7452 Firmware Romepi 1.0.0.a
Amd Epyc 7502 Firmware Romepi 1.0.0.a
Amd Epyc 7502p Firmware Romepi 1.0.0.a
Amd Epyc 7532 Firmware Romepi 1.0.0.a
Amd Epyc 7542 Firmware Romepi 1.0.0.a
Amd Epyc 7552 Firmware Romepi 1.0.0.a
Amd Epyc 7642 Firmware Romepi 1.0.0.a
Amd Epyc 7662 Firmware Romepi 1.0.0.a
Amd Epyc 7702 Firmware Romepi 1.0.0.a
Amd Epyc 7702p Firmware Romepi 1.0.0.a
Amd Epyc 7742 Firmware Romepi 1.0.0.a
Amd Epyc 7f32 Firmware Romepi 1.0.0.a
NA
CVE-2023-1668
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols ...
Cloudbase Open Vswitch 3.1.0
Cloudbase Open Vswitch
Debian Debian Linux 11.0
Redhat Virtualization 4.0
Redhat Openshift Container Platform 4.0
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
Redhat Openstack Platform 17.0
Redhat Fast Datapath -
NA
CVE-2023-24534
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more m...
Golang Go
NA
CVE-2023-24536
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can under...
Golang Go
NA
CVE-2023-24537
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Golang Go
NA
CVE-2023-24538
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the act...
Golang Go
2 Github repositories
NA
CVE-2022-41723
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Golang Go
Golang Go 1.20.0
Golang Http2
Golang Hpack
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »