Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virtualization host vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv3
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an malicious user to unauthorized execution of management commands, compromising the confidentiality, integrity, and ava...
Linux Linux Kernel
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
7.8
CVSSv3
CVE-2023-2124
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Linux Linux Kernel
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Netapp H300s Firmware -
Netapp H410c Firmware -
Netapp H410s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
7.3
CVSSv3
CVE-2023-24539
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if exe...
Golang Go
1 Github repository
9.8
CVSSv3
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during exe...
Golang Go
3 Github repositories
7.3
CVSSv3
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Golang Go
1 Github repository
7.5
CVSSv3
CVE-2021-26406
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
Amd Epyc 7232p Firmware Romepi 1.0.0.a
Amd Epyc 7252 Firmware Romepi 1.0.0.a
Amd Epyc 7262 Firmware Romepi 1.0.0.a
Amd Epyc 7272 Firmware Romepi 1.0.0.a
Amd Epyc 7282 Firmware Romepi 1.0.0.a
Amd Epyc 7302 Firmware Romepi 1.0.0.a
Amd Epyc 7302p Firmware Romepi 1.0.0.a
Amd Epyc 7352 Firmware Romepi 1.0.0.a
Amd Epyc 7402 Firmware Romepi 1.0.0.a
Amd Epyc 7402p Firmware Romepi 1.0.0.a
Amd Epyc 7452 Firmware Romepi 1.0.0.a
Amd Epyc 7502 Firmware Romepi 1.0.0.a
Amd Epyc 7502p Firmware Romepi 1.0.0.a
Amd Epyc 7532 Firmware Romepi 1.0.0.a
Amd Epyc 7542 Firmware Romepi 1.0.0.a
Amd Epyc 7552 Firmware Romepi 1.0.0.a
Amd Epyc 7642 Firmware Romepi 1.0.0.a
Amd Epyc 7662 Firmware Romepi 1.0.0.a
Amd Epyc 7702 Firmware Romepi 1.0.0.a
Amd Epyc 7702p Firmware Romepi 1.0.0.a
Amd Epyc 7742 Firmware Romepi 1.0.0.a
Amd Epyc 7f32 Firmware Romepi 1.0.0.a
8.2
CVSSv3
CVE-2023-1668
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols ...
Cloudbase Open Vswitch 3.1.0
Cloudbase Open Vswitch
Debian Debian Linux 11.0
Redhat Virtualization 4.0
Redhat Openshift Container Platform 4.0
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
Redhat Openstack Platform 17.0
Redhat Fast Datapath -
7.5
CVSSv3
CVE-2023-24534
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more m...
Golang Go
7.5
CVSSv3
CVE-2023-24536
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can under...
Golang Go
7.5
CVSSv3
CVE-2023-24537
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Golang Go
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »