Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trunk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22741
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_...
Signalwire Sofia-sip
NA
CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
Linuxfoundation Pytorch
NA
CVE-2022-29277
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purl...
Amd Genoa Firmware
Amd Hygon 1 Firmware
Amd Hygon 2 Firmware
Amd Hygon 3 Firmware
Amd Milan Firmware
Amd Rome Firmware
Amd Ryzen 5300g Firmware
Amd Ryzen 5300ge Firmware
Amd Ryzen 5600g Firmware
Amd Ryzen 5600ge Firmware
Amd Ryzen 5600x Firmware
Amd Ryzen 5700g Firmware
Amd Ryzen 5700ge Firmware
Amd Ryzen 5800x Firmware
Amd Ryzen 5800x3d Firmware
Amd Ryzen 5900x Firmware
Amd Ryzen 5950x Firmware
Amd Snowy Owl R1000 Firmware
Amd Snowy Owl R2000 Firmware
Amd Snowy Owl V2000 Firmware
Amd Snowy Owl V3000 Firmware
Intel Alder Lake Firmware
2.1
CVSSv2
CVE-2021-42361
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbi...
Codepeople Contact Form Email
3.5
CVSSv2
CVE-2021-39355
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative use...
Indeed-job-importer Project Indeed-job-importer
6.8
CVSSv2
CVE-2021-34619
The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
Storeapps Stock Manager For Woocommerce
5
CVSSv2
CVE-2021-27212
In OpenLDAP up to and including 2.4.57 and 2.5.x up to and including 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_...
Openldap Openldap 2.5.1
Openldap Openldap 2.5.0
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2020-36221
An integer underflow exists in OpenLDAP prior to 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Macos
5
CVSSv2
CVE-2020-36222
A flaw exists in OpenLDAP prior to 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Macos
5
CVSSv2
CVE-2020-36223
A flaw exists in OpenLDAP prior to 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
Openldap Openldap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Mac Os X
Apple Mac Os X 10.14.6
Apple Macos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »