Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

marked 2 project marked 2 vulnerabilities and exploits

(subscribe to this query)
6.5
CVSSv3
CVE-2018-6806
Marked 2 up to and including 2.5.11 allows remote malicious users to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest ca...
Marked 2 Project Marked 2
6.1
CVSSv3
CVE-2014-3743
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module prior to 0.3.1 for Node.js allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.
Marked Project Marked
6.1
CVSSv3
CVE-2020-15169
In Action View prior to 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS a...
Action View Project Action ViewDebian Debian Linux 10.0Fedoraproject Fedora 33
NA
CVE-2006-3805
The Javascript engine in Mozilla Firefox prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3 might allow remote malicious users to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still bei...
Mozilla Firefox 1.5Mozilla Seamonkey 1.0.2Mozilla Seamonkey 1.0Mozilla Seamonkey 1.0.1Mozilla Firefox 1.5.0.3Mozilla Firefox 1.5.0.4Mozilla Thunderbird 1.5.0.4Mozilla Firefox 1.5.0.1Mozilla Firefox 1.5.0.2Mozilla Thunderbird 1.5Mozilla Thunderbird 1.5.0.2
7.5
CVSSv3
CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Tenable Tenable.scOracle Zfs Storage Appliance Kit 8.8Oracle Secure Backup
7.5
CVSSv3
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Oracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0Broadcom Brocade Fabric Operating System Firmware -
7.8
CVSSv3
CVE-2021-3156
Sudo prior to 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo Project Sudo 1.9.5Sudo Project SudoFedoraproject Fedora 32Fedoraproject Fedora 33Debian Debian Linux 9.0Debian Debian Linux 10.0Netapp Solidfire -Netapp Hci Management Node -Netapp Oncommand Unified Manager Core Package -Mcafee Web Gateway 8.2.17Mcafee Web Gateway 9.2.8Mcafee Web Gateway 10.0.4Synology Diskstation Manager 6.2Synology Diskstation Manager Unified Controller 3.0Synology Skynas Firmware -Synology Vs960hd Firmware -Beyondtrust Privilege Management For MacBeyondtrust Privilege Management For Unix\\/linuxOracle Micros Compact Workstation 3 Firmware 310Oracle Micros Es400 FirmwareOracle Micros Kitchen Display System Firmware 210Oracle Micros Workstation 5a Firmware 5a
9.8
CVSSv3
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Oracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Siemens Sinema Server 14.0Siemens Sinec Nms
9
CVSSv3
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -F5 F5osOracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Zfs Storage Appliance Kit 8.8Oracle Secure Global Desktop 5.6Siemens Sinema Server 14.0Siemens Sinec Nms
7.5
CVSSv3
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Tenable Tenable.scOracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0Broadcom Brocade Fabric Operating System Firmware -Siemens Sinema Server 14.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook