Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virtualization vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-25315
In Expat (aka libexpat) prior to 2.4.5, there is an integer overflow in storeRawNames.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) prior to 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) prior to 2.4.5 allows malicious users to insert namespace-separator characters into namespace URIs.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2022-23852
Expat (aka libexpat) prior to 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Libexpat Project Libexpat
Netapp Oncommand Workflow Automation -
Netapp Clustered Data Ontap -
Tenable Nessus
Debian Debian Linux 9.0
Oracle Communications Metasolv Solution 6.3.1
Siemens Sinema Remote Connect Server
9.8
CVSSv3
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
1 Github repository
1 Article
9.8
CVSSv3
CVE-2021-43527
NSS (Network Security Services) versions before 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. A...
Mozilla Nss Esr
Mozilla Nss
Netapp Cloud Backup -
Netapp E-series Santricity Os Controller
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Oracle Communications Policy Management 12.6.0.0.0
Starwindsoftware Starwind Virtual San V8r13
Starwindsoftware Starwind San \\& Nas V8r13
9.8
CVSSv3
CVE-2021-31535
LookupCol.c in X.Org X through X11R7.7 and libX11 prior to 1.7.1 might allow remote malicious users to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer ...
X.org X Window System
X.org Libx11
Fedoraproject Fedora 33
6 Github repositories
9.8
CVSSv3
CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Netapp Active Iq Unified Manager -
Netapp E-series Performance Analyzer -
9.8
CVSSv3
CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
1 Github repository
9.8
CVSSv3
CVE-2019-17006
In Network Security Services (NSS) prior to 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Siemens Ruggedcom Rox Mx5000 Firmware
Siemens Ruggedcom Rox Rx1400 Firmware
Siemens Ruggedcom Rox Rx1500 Firmware
Siemens Ruggedcom Rox Rx1501 Firmware
Siemens Ruggedcom Rox Rx1510 Firmware
Siemens Ruggedcom Rox Rx1511 Firmware
Siemens Ruggedcom Rox Rx1512 Firmware
Siemens Ruggedcom Rox Rx5000 Firmware
Mozilla Network Security Services
Netapp Hci Management Node -
Netapp Solidfire -
Netapp Hci Compute Node -
Netapp Hci Storage Node -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »