Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
allegro allegro vulnerabilities and exploits
(subscribe to this query)
6.2
CVSSv2
CVE-2021-42110
An issue exists in Allegro Windows (formerly Popsy Windows) prior to 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
Allegro Allegro
5.5
CVSSv2
CVE-2021-43978
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.
Allegro Allegro 3.3.4152.0
NA
CVE-2023-25392
Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.
Allegro Bigflow
NA
CVE-2021-36489
Buffer Overflow vulnerability in Allegro up to and including 5.2.6 allows malicious users to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.
Liballeg Allegro
7.5
CVSSv2
CVE-2000-0470
Allegro RomPager HTTP server allows remote malicious users to cause a denial of service via a malformed authentication request.
Allegro Rom Pager 2.10
1 EDB exploit
10
CVSSv2
CVE-2014-9222
AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Allegrosoft Rompager
4 Metasploit modules
1 Nmap script
3 Github repositories
2 Articles
NA
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml -
NA
CVE-2024-24592
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote malicious user to arbitrarily access, create, modify and delete files.
Clear Clearml
NA
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Clear Clearml
NA
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.
Clear Clearml
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »