Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux 4.0 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-16790
An issue exists in Symfony prior to 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are the...
Sensiolabs Symfony
Debian Debian Linux 9.0
6.5
CVSSv2
CVE-2018-14593
An issue exists in Open Ticket Request System (OTRS) 6.0.x up to and including 6.0.9, 5.0.x up to and including 5.0.28, and 4.0.x up to and including 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
Otrs Open Ticket Request System
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2018-14395
libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows malicious users to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.
Debian Debian Linux 9.0
Ffmpeg Ffmpeg 3.2
Ffmpeg Ffmpeg 4.0
4.3
CVSSv2
CVE-2018-11039
Spring Framework (versions 5.0.x before 5.0.7, versions 4.3.x before 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-e...
Vmware Spring Framework
Oracle Retail Xstore Point Of Service 7.1
Oracle Weblogic Server 12.1.3.0.0
Oracle Application Testing Suite 12.5.0.3
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Diameter Signaling Router
Oracle Communications Performance Intelligence Center
Oracle Communications Services Gatekeeper
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Health Sciences Information Manager 3.0
Oracle Healthcare Master Person Index 3.0
Oracle Healthcare Master Person Index 4.0
Oracle Insurance Calculation Engine 10.2
1 Github repository
4.3
CVSSv2
CVE-2018-11040
Spring Framework, versions 5.0.x before 5.0.7 and 4.3.x before 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for...
Vmware Spring Framework
Oracle Flexcube Private Banking 2.2.0.1
Oracle Retail Xstore Point Of Service 7.1
Oracle Application Testing Suite 12.5.0.3
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Agile Product Lifecycle Management 9.3.3
Oracle Agile Product Lifecycle Management 9.3.4
Oracle Agile Product Lifecycle Management 9.3.5
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Online Mediation Controller 6.1
Oracle Communications Services Gatekeeper
Oracle Healthcare Master Person Index 3.0
Oracle Healthcare Master Person Index 4.0
Oracle Insurance Rules Palette 10.0
Oracle Insurance Rules Palette 10.2
4.3
CVSSv2
CVE-2018-12458
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
Ffmpeg Ffmpeg 2.8
Ffmpeg Ffmpeg 4.0
Debian Debian Linux 9.0
5.8
CVSSv2
CVE-2018-11408
The security handlers in the Security component in Symfony in 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this i...
Sensiolabs Symfony
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2018-11385
An issue exists in the Security component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an malicious user to i...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
4.3
CVSSv2
CVE-2018-11386
An issue exists in the HttpFoundation component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and...
Sensiolabs Symfony
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2018-11406
An issue exists in the Security component in Symfony 2.7.x prior to 2.7.48, 2.8.x prior to 2.8.41, 3.3.x prior to 3.3.17, 3.4.x prior to 3.4.11, and 4.0.x prior to 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled ...
Sensiolabs Symfony
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »