Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
upgrade tools vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-6496
conntrackd in conntrack-tools 1.4.2 and previous versions does not ensure that the optional kernel modules are loaded before using them, which allows remote malicious users to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.
Netfilter Conntrack-tools
Debian Debian Linux 8.0
Debian Debian Linux 7.0
5.8
CVSSv2
CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing...
Squashfs-tools Project Squashfs-tools 4.5
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
NA
CVE-2022-41973
multipath-tools 0.7.7 up to and including 0.9.x prior to 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to c...
Opensvc Multipath-tools
Fedoraproject Fedora 36
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv2
CVE-2021-42575
The OWASP Java HTML Sanitizer prior to 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Owasp Java Html Sanitizer
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Middleware Common Libraries And Tools 12.2.1.3.0
5
CVSSv2
CVE-2021-31810
An issue exists in Ruby up to and including 2.6.7, 2.7.x up to and including 2.7.3, and 3.x up to and including 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract infor...
Ruby-lang Ruby
Debian Debian Linux 9.0
Oracle Jd Edwards Enterpriseone Tools
NA
CVE-2022-41974
multipath-tools 0.7.0 up to and including 0.9.x prior to 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This ...
Opensvc Multipath-tools
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
NA
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
Vmware Open Vm Tools
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
4.4
CVSSv2
CVE-2021-31799
In RDoc 3.11 up to and including 6.x prior to 6.3.1, as distributed with Ruby up to and including 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Ruby-lang Rdoc
Oracle Jd Edwards Enterpriseone Tools
NA
CVE-2023-2253
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n,` causing the all...
Redhat Openshift Container Platform 4.0
Redhat Openshift Developer Tools And Services -
Redhat Openshift Api For Data Protection -
NA
CVE-2022-31676
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Vmware Tools
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Netapp Ontap Select Deploy Administration Utility -
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »