Vulmon
evergreen vulnerabilities and exploits
4
CVSSv2
CVE-2015-2203
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.
Evergreen-ils Evergreen 2.7.4
Evergreen-ils Evergreen 2.6.7
Evergreen-ils Evergreen 2.5.9
4
CVSSv2
CVE-2013-7435
The open-ils.pcrud endpoint in Evergreen prior to 2.5.9, 2.6.x prior to 2.6.7, and 2.7.x prior to 2.7.4 allows remote malicious users to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Evergreen-ils Evergreen
5
CVSSv2
CVE-2015-2204
Evergreen prior to 2.5.9, 2.6.x prior to 2.6.7, and 2.7.x prior to 2.7.4 allows remote malicious users to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce ...
Evergreen-ils Evergreen
NA
CVE-2023-41127
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS. This issue affects Evergreen Conten...
Evergreencontentposter Evergreen Content Poster
2.9
CVSSv2
CVE-2014-0131
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel up to and including 3.13.6 allows malicious users to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
Linux Linux Kernel
Opensuse Evergreen 11.4
Suse Linux Enterprise Server 11
10
CVSSv2
CVE-2015-5125
Adobe Flash Player prior to 18.0.0.232 on Windows and OS X and prior to 11.2.202.508 on Linux, Adobe AIR prior to 18.0.0.199, Adobe AIR SDK prior to 18.0.0.199, and Adobe AIR SDK & Compiler prior to 18.0.0.199 allow malicious users to cause a denial of service (vector-length ...
Adobe Air Sdk
Adobe Air
Adobe Air Sdk & Compiler
Adobe Flash Player
Opensuse Evergreen 11.4
3.6
CVSSv2
CVE-2014-5459
The PEAR_REST class in REST.php in PEAR in PHP up to and including 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
Php Php
Oracle Solaris 11.2
Opensuse Evergreen 11.4
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
5
CVSSv2
CVE-2014-9323
The xdr_status_vector function in Firebird prior to 2.1.7 and 2.5.x prior to 2.5.3 SU1 allows remote malicious users to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Firebirdsql Firebird
Opensuse Evergreen 11.4
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
10
CVSSv2
CVE-2014-1553
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox prior to 32.0, Firefox ESR 31.x prior to 31.1, and Thunderbird 31.x prior to 31.1 allow remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Evergreen 11.4
Mozilla Thunderbird 31.0
Mozilla Firefox 31.0
Mozilla Firefox 30.0
Mozilla Firefox Esr 31.0
Mozilla Firefox
4.3
CVSSv2
CVE-2014-1564
Mozilla Firefox prior to 32.0, Firefox ESR 31.x prior to 31.1, and Thunderbird 31.x prior to 31.1 do not properly initialize memory for GIF rendering, which allows remote malicious users to obtain sensitive information from process memory via crafted web script that interacts wit...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Evergreen 11.4
Mozilla Thunderbird 31.0
Mozilla Firefox
Mozilla Firefox 31.0
Mozilla Firefox Esr 31.0
Mozilla Firefox 30.0
1 EDB exploit