Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file file 4.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-5419
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 30
3 Github repositories
7.5
CVSSv3
CVE-2017-16892
In Bftpd prior to 4.7, there is a memory leak in the file rename function.
Bftpd Project Bftpd
7.5
CVSSv3
CVE-2017-1001000
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x prior to 4.7.2 does not require an integer identifier, which allows remote malicious users to modify arbitrary pages via a request for wp-json/wp/v...
Wordpress Wordpress 4.7.1
Wordpress Wordpress 4.7
Wordpress Wordpress 4.7.2
1 Nmap script
3 Github repositories
6.5
CVSSv3
CVE-2019-10195
A flaw was found in IPA, all 4.6.x versions prior to 4.6.7, all 4.7.x versions prior to 4.7.4 and all 4.8.x versions prior to 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch...
Freeipa Freeipa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
2 Github repositories
6.3
CVSSv3
CVE-2020-10780
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an...
Redhat Cloudforms Management Engine 4.7
Redhat Cloudforms Management Engine 5.0
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
150 Github repositories
5.5
CVSSv3
CVE-2020-15250
In JUnit4 from version 4.7 and prior to 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories...
Junit Junit4
Debian Debian Linux 9.0
Apache Pluto
Oracle Communications Cloud Native Core Policy 1.14.0
6 Github repositories
5.5
CVSSv3
CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted...
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2004 -
Microsoft Windows Server 20h2 -
Microsoft Windows Server 1903
Microsoft Windows Server 1909
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Synology Directory Server
Samba Samba
Debian Debian Linux 9.0
Oracle Zfs Storage Appliance Kit 8.8
1 Metasploit module
160 Github repositories
18 Articles
5.5
CVSSv3
CVE-2019-16892
In Rubyzip prior to 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows malicious users to cause a denial of service (disk consumption).
Rubyzip Project Rubyzip
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Cloudforms 4.7
Redhat Cloudforms 5.11
5.5
CVSSv3
CVE-2019-1142
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
Microsoft .net Framework 3.5
Microsoft .net Framework 4.7.2
Microsoft .net Framework 4.6.1
Microsoft .net Framework 4.7
Microsoft .net Framework 4.7.1
Microsoft .net Framework 4.6
Microsoft .net Framework 4.6.2
Microsoft .net Framework 4.8
Microsoft .net Framework 4.5.2
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »