Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vm vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-37903
vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows malicious users to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code ex...
Vm2 Project Vm2
1 Github repository
10
CVSSv3
CVE-2023-37466
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@speci...
Vm2 Project Vm2
1 Github repository
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1181 Github repositories
28 Articles
10
CVSSv3
CVE-2020-2021
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based malicious...
Paloaltonetworks Pan-os
3 Github repositories
1 Article
10
CVSSv3
CVE-2016-0898
MySQL for PCF tiles 1.7.x prior to 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
Vmware Pivotal Software Mysql 1.7.0
Vmware Pivotal Software Mysql 1.7.0.1
Vmware Pivotal Software Mysql 1.7.0.2
Vmware Pivotal Software Mysql 1.7.0.3
Vmware Pivotal Software Mysql 1.7.0.4
Vmware Pivotal Software Mysql 1.7.1
Vmware Pivotal Software Mysql 1.7.2
Vmware Pivotal Software Mysql 1.7.3
Vmware Pivotal Software Mysql 1.7.4
Vmware Pivotal Software Mysql 1.7.5
Vmware Pivotal Software Mysql 1.7.6
Vmware Pivotal Software Mysql 1.7.7
Vmware Pivotal Software Mysql 1.7.8
Vmware Pivotal Software Mysql 1.7.9
9.9
CVSSv3
CVE-2022-20777
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an malicious user to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more ...
Cisco Enterprise Nfv Infrastructure Software
1 Article
9.9
CVSSv3
CVE-2020-14316
A flaw was found in kubevirt 0.29 and previous versions. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an malicious user to assume the privileges of the VM process on the host system. In worst-case scenar...
Kubevirt Kubevirt
Redhat Openshift Virtualization 1
9.9
CVSSv3
CVE-2019-10758
mongo-express prior to 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Mongo-express Project Mongo-express
3 Github repositories
9.9
CVSSv3
CVE-2018-3110
A vulnerability exists in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle ...
Oracle Database Server 12.1.0.2
Oracle Database Server 12.2.0.1
Oracle Database Server 18
Oracle Database Server 11.2.0.4
1 Article
9.9
CVSSv3
CVE-2018-0238
A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote malicious user to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any ...
Cisco Unified Computing System Director 6.5\\(0.1\\)
Cisco Unified Computing System Director 6.5\\(0.0\\)
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »