Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
element desktop vulnerabilities and exploits
(subscribe to this query)
454
VMScore
CVE-2022-23597
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop prior to 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another b...
Element Desktop
1 Github repository
436
VMScore
CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server ...
Apache Http Server
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Software Collection 1.0
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Netapp Clustered Data Ontap 9.6
Netapp Clustered Data Ontap
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Secure Global Desktop 5.4
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Secure Global Desktop 5.5
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.1.0
Oracle Communications Element Manager 8.0.0
1 EDB exploit
2 Github repositories
605
VMScore
CVE-2012-3984
Mozilla Firefox prior to 16.0, Thunderbird prior to 16.0, and SeaMonkey prior to 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote malicious users to spoof page content via vectors involving absolute posi...
Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
384
VMScore
CVE-2018-11101
Open Whisper Signal (aka Signal-Desktop) up to and including 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs t...
Signal Signal-desktop
1 Article
828
VMScore
CVE-2021-28594
Adobe Creative Cloud Desktop Application (installer) version 2.4 (and previous versions) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the curre...
Adobe Creative Cloud Desktop Application
455
VMScore
CVE-2022-23202
Adobe Creative Cloud Desktop version 2.7.0.13 (and previous versions) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a ...
Adobe Creative Cloud Desktop Application
668
VMScore
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and previous versions, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentiall...
Gnu Glibc
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Virtualization Host 4.0
Oracle Enterprise Communications Broker 3.0.0
Oracle Enterprise Communications Broker 3.1.0
Oracle Communications Session Border Controller 8.1.0
Oracle Communications Session Border Controller 8.2.0
Oracle Communications Session Border Controller 8.0.0
Netapp Data Ontap Edge -
Netapp Element Software Management -
383
VMScore
CVE-2010-2301
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome prior to 5.0.375.70 allows remote malicious users to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might...
Google Chrome
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Suse Linux Enterprise Desktop 10
Suse Suse Linux Enterprise Desktop 11
Suse Suse Linux Enterprise Server 10
Suse Suse Linux Enterprise Server 11
383
VMScore
CVE-2009-2472
Mozilla Firefox prior to 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross...
Mozilla Firefox
Fedoraproject Fedora 10
Suse Linux Enterprise Debuginfo 10
Suse Linux Enterprise Debuginfo 11
Opensuse Opensuse 11.0
Opensuse Opensuse 11.1
Suse Linux Enterprise Desktop 10
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
828
VMScore
CVE-2010-1770
WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5 up to and including 10.6 and Windows, Apple Safari prior to 4.1 on Mac OS X 10.4, and Google Chrome prior to 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows r...
Apple Safari
Apple Webkit
Google Chrome
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 10.04.4
Canonical Ubuntu Linux 10.10
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Suse Linux Enterprise Desktop 10
Suse Suse Linux Enterprise Desktop 11
Suse Suse Linux Enterprise Server 10
Suse Suse Linux Enterprise Server 11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »