Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
patch vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2008-4966
linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.
Openswan Linux-patch-openswan 2.4.12
7.5
CVSSv2
CVE-2005-3315
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x prior to 6.2.2.181 allow remote malicious users to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFil...
Novell Zenworks Patch Management Server 6.0.0.52
2 EDB exploits
7.5
CVSSv2
CVE-2006-6450
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) prior to 6.3.2.700 allow remote malicious users to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters.
Novell Zenworks Patch Management Server 6.3.2.700
2.1
CVSSv2
CVE-2005-3331
viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Rogers Software Source Mgdiff Patch Viewer 1.0
9.3
CVSSv2
CVE-2020-12608
An issue exists in SolarWinds MSP PME (Patch Management Engine) Cache Service prior to 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing th...
Solarwinds Managed Service Provider Patch Management Engine
8.5
CVSSv2
CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 up to and including 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the tar...
Apache Log4j 2.0
Apache Log4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Weblogic Server 12.2.1.4.0
Oracle Primavera Unifier 19.12
Oracle Weblogic Server 14.1.1.0.0
Oracle Primavera Unifier 20.12
Oracle Communications Interactive Session Recorder 6.3
Oracle Communications Interactive Session Recorder 6.4
Oracle Primavera Gateway
Oracle Retail Assortment Planning 16.0.3
Oracle Primavera Unifier 21.12
Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.0.0
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Primavera Gateway 21.12.0
Oracle Retail Fiscal Management 14.2
Oracle Siebel Ui Framework 21.12
Oracle Communications Diameter Signaling Router
Cisco Cloudcenter 4.10.0.16
Fedoraproject Fedora 34
Fedoraproject Fedora 35
34 Github repositories
4 Articles
5.1
CVSSv2
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with...
Apache Log4j 2.0
Apache Log4j
Intel Oneapi -
Intel Audio Development Kit -
Intel Datacenter Manager -
Intel System Debugger -
Intel Secure Device Onboard -
Intel Sensor Solution Firmware Development Kit -
Intel Computer Vision Annotation Tool -
Intel Genomics Kernel Library -
Intel System Studio -
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
193 Github repositories
9 Articles
5
CVSSv2
CVE-2005-4347
The Linux 2.4 kernel patch in kernel-patch-vserver prior to 1.9.5.5 and 2.x prior to 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows malicious users to access files on the host system that are outside of the vserver.
Debian Kernel-patch-vserver
Debian Debian Linux 3.0
Debian Debian Linux 3.1
4.3
CVSSv2
CVE-2015-1196
GNU patch 2.7.1 allows remote malicious users to write to arbitrary files via a symlink attack in a patch file.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Oracle Solaris 11.2
Gnu Patch 2.7.1
5
CVSSv2
CVE-2018-6951
An issue exists in GNU patch up to and including 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
Gnu Patch
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »