Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mesh project mesh - vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-10769
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow malicious users to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the sa...
Smartmesh Project Smartmesh -
Ugtoken Project Ugtoken -
Gg Token Project Gg Token -
First Project First -
Mtc Project Mtc -
Mesh Project Mesh -
10
CVSSv2
CVE-2020-27846
A signature verification vulnerability exists in crewjam/saml. This flaw allows an malicious user to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Grafana Grafana
Saml Project Saml
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Openshift Service Mesh 2.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.5
CVSSv2
CVE-2020-14306
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions up to and including 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially ga...
Istio-operator Project Istio-operator
5
CVSSv2
CVE-2020-7662
websocket-extensions npm module before 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and s...
Websocket-extensions Project Websocket-extensions
5
CVSSv2
CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and previous versions may allow malicious user to bypass security checks.
Url-parse Project Url-parse
6.8
CVSSv2
CVE-2021-43138
In Async prior to 2.6.4 and 3.x prior to 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
Async Project Async
Fedoraproject Fedora 36
Fedoraproject Fedora 37
4.3
CVSSv2
CVE-2021-46225
A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows malicious users to cause a Denial of Service (DoS) via a crafted MESH file.
Libmeshb Project Libmeshb 7.61
NA
CVE-2022-24999
qs prior to 6.10.3, as used in Express prior to 4.17.3 and other products, allows malicious users to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the att...
Qs Project Qs
Qs Project Qs 6.4.0
Qs Project Qs 6.6.0
Openjsf Express
Debian Debian Linux 10.0
3 Github repositories
NA
CVE-2023-26604
systemd prior to 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may...
Systemd Project Systemd
6 Github repositories
NA
CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strin...
Goutils Project Goutils
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »