Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file file 4.1 vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2020-26831
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to int...
Sap Businessobjects Business Intelligence Platform 4.3
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
8.8
CVSSv3
CVE-2022-36997
An issue exists in Veritas NetBackup 8.1.x up to and including 8.1.2, 8.2, 8.3.x up to and including 8.3.0.2, 9.x up to and including 9.0.0.1, and 9.1.x up to and including 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could...
Veritas Netbackup 9.1
Veritas Netbackup Appliance 4.0.0.1
Veritas Netbackup Appliance 4.1.0.1
Veritas Flex Appliance 2.0
Veritas Flex Appliance 2.0.1
Veritas Flex Appliance 2.0.2
Veritas Flex Appliance 2.1
Veritas Flex Appliance 1.3
Veritas Netbackup 9.0
Veritas Netbackup 8.2
Veritas Netbackup Appliance 3.3.0.1
Veritas Netbackup Appliance 3.3.0.2
Veritas Netbackup Appliance 3.2
Veritas Netbackup Appliance 3.1.1
Veritas Netbackup Appliance 3.1.2
Veritas Netbackup 9.0.0.1
Veritas Netbackup 9.1.0.1
Veritas Netbackup 8.1.2
Veritas Netbackup 8.1.1
Veritas Netbackup 8.3.0.1
Veritas Netbackup 8.3.0.2
Veritas Netbackup Appliance 4.0
8.8
CVSSv3
CVE-2019-19745
Contao 4.0 up to and including 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
Contao Contao 4.7
Contao Contao
Contao Contao 4.5
Contao Contao 4.6
Contao Contao 4.0
Contao Contao 4.1
Contao Contao 4.2
Contao Contao 4.3
8.8
CVSSv3
CVE-2019-14287
In Sudo prior to 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER=...
Sudo Project Sudo
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Netapp Element Software Management Node -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
61 Github repositories
1 Article
8.8
CVSSv3
CVE-2018-13443
EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.
Block Jit-wasm 4.1
8.8
CVSSv3
CVE-2019-11339
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 prior to 4.0.4 and 4.1 prior to 4.1.2 allows remote malicious users to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
Ffmpeg Ffmpeg
8.8
CVSSv3
CVE-2017-9111
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
Openexr Openexr 2.2.0
8.8
CVSSv3
CVE-2017-9113
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
Openexr Openexr 2.2.0
8.8
CVSSv3
CVE-2017-9115
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
Openexr Openexr 2.2.0
8.8
CVSSv3
CVE-2016-2335
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote malicious users to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.
Opensuse Opensuse 13.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7-zip 7-zip 9.20
7-zip 7-zip 15.05
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »