Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes engine vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2023-24539
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if exe...
Golang Go
1 Github repository
9.8
CVSSv3
CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during exe...
Golang Go
3 Github repositories
6.5
CVSSv3
CVE-2023-29469
An issue exists in libxml2 prior to 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an...
Xmlsoft Libxml2
Debian Debian Linux 10.0
1 Github repository
6.5
CVSSv3
CVE-2023-28484
In libxml2 prior to 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2
Debian Debian Linux 10.0
10
CVSSv3
CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing malicious users to raise an unsanitized host exception inside `handleException()` which ca...
Vm2 Project Vm2
5 Github repositories
10
CVSSv3
CVE-2023-29199
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing malicious users to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in h...
Vm2 Project Vm2
1 Github repository
7.8
CVSSv3
CVE-2023-29491
ncurses prior to 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Gnu Ncurses
7.1
CVSSv3
CVE-2023-30630
Dmidecode prior to 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
Nongnu Dmidecode
5.5
CVSSv3
CVE-2020-24736
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local malicious user to cause a denial of service via a crafted script.
Ghost Sqlite3 3.27.1
9.8
CVSSv3
CVE-2023-29017
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protectio...
Vm2 Project Vm2
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »