Vulmon
bug library project bug library vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may...
Yajl-ruby Project Yajl-ruby
9.1
CVSSv3
CVE-2021-41117
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue exists where this library was generating identical RSA keys used in SSH....
Keypair Project Keypair
2 Github repositories
6.5
CVSSv3
CVE-2022-21708
graphql-go is a GraphQL server with a focus on ease of use. In versions before 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access ...
Graphql-go Project Graphql-go
7.5
CVSSv3
CVE-2020-29363
An issue exists in p11-kit 0.23.6 up to and including 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiv...
P11-kit Project P11-kit
Debian Debian Linux 10.0
Oracle Communications Cloud Native Core Policy 1.14.0
1 Github repository
7.5
CVSSv3
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde...
Prometheus Client Golang
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Extra Packages For Enterprise Linux 7.0
Rdo Project Rdo -
Fedoraproject Fedora 37
NA
CVE-2008-2235
OpenSC prior to 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate malicious users to change the PIN.
Opensc-project Opensc 0.11.2
Opensc-project Opensc 0.11.3
Opensc-project Opensc 0.7.0
Opensc-project Opensc 0.8
Opensc-project Opensc 0.9.7
Opensc-project Opensc 0.9.8
Opensc-project Opensc 0.11.4
Opensc-project Opensc 0.8.0.0
Opensc-project Opensc 0.8.1
Opensc-project Opensc 0.3.2
Opensc-project Opensc 0.3.5
Opensc-project Opensc 0.9
Opensc-project Opensc 0.9.6
Opensc-project Opensc 0.11.0
Opensc-project Opensc 0.11.1
Opensc-project Opensc 0.4.0
Opensc-project Opensc 0.6.0
Opensc-project Opensc 0.6.1
7.5
CVSSv3
CVE-2021-3580
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Nettle Project Nettle
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Netapp Ontap Select Deploy Administration Utility -
7.8
CVSSv3
CVE-2021-3156
Sudo prior to 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo Project Sudo 1.9.5
Sudo Project Sudo
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager Core Package -
Mcafee Web Gateway 8.2.17
Mcafee Web Gateway 9.2.8
Mcafee Web Gateway 10.0.4
Synology Diskstation Manager 6.2
Synology Diskstation Manager Unified Controller 3.0
Synology Skynas Firmware -
Synology Vs960hd Firmware -
Beyondtrust Privilege Management For Mac
Beyondtrust Privilege Management For Unix/linux
Oracle Micros Compact Workstation 3 Firmware 310
Oracle Micros Es400 Firmware
Oracle Micros Kitchen Display System Firmware 210
Oracle Micros Workstation 5a Firmware 5a
142 Github repositories
1 Article
7.5
CVSSv3
CVE-2021-46828
In libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
Libtirpc Project Libtirpc
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-25314
In Expat (aka libexpat) prior to 2.4.5, there is an integer overflow in copyString.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server