Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arrow vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-11404
arrow-kt Arrow prior to 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
Arrow-kt Arrow
5
CVSSv2
CVE-2019-12408
It exists that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared i...
Apache Arrow
5
CVSSv2
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it exists Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitializ...
Apache Arrow
4.3
CVSSv2
CVE-2019-19746
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
Fig2dev Project Fig2dev 3.2.7b
Fedoraproject Fedora 31
Fedoraproject Fedora 32
NA
CVE-2023-46077
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
Arrowplugins The Awesome Feed
NA
CVE-2023-44264
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
Arrowplugins The Awesome Feed
NA
CVE-2023-45003
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions.
Arrowplugins Social Feed
5
CVSSv2
CVE-2020-3273
A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote malicious user to cause an affected device to reload, resulting in a denial of service (DoS). The vul...
Cisco 5508 Wireless Controller Firmware 8.5\\(151.0\\)
Cisco 5508 Wireless Controller Firmware 8.10\\(204.92\\)
Cisco 5520 Wireless Controller Firmware 8.5\\(151.0\\)
Cisco 5520 Wireless Controller Firmware 8.10\\(204.92\\)
2.1
CVSSv2
CVE-2010-2975
Cisco Unified Wireless Network (UWN) Solution 7.x up to and including 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate malicious users to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.
Cisco Unified Wireless Network Solution Software 7.0
Cisco Unified Wireless Network Solution Software 7.0.98.0
NA
CVE-2024-32001
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »