dash vulnerabilities and exploits
NA
CVE-2014-3203
Unity prior to 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate malicious users to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key befor...
Canonical Ubuntu Linux 14.04
Ayatana Project Unity
Ayatana Project Unity 7.1.3
Ayatana Project Unity 7.0.0
Ayatana Project Unity 7.1.2
Ayatana Project Unity 7.1.0
Ayatana Project Unity 7.1.1
Ayatana Project Unity 7.0.1
7.5
CVSSv3
CVE-2022-36064
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escap...
Shescape Project Shescape
8.8
CVSSv3
CVE-2017-17459
http_transport.c in Fossil prior to 2.4, when the SSH sync protocol is used, allows user-assisted remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, ...
Fossil Scm Fossil
9.1
CVSSv3
CVE-2023-26143
Versions of the package blamer prior to 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the ...
Blamer Project Blamer
7.3
CVSSv3
CVE-2021-43809
`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions prior to 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the r...
Bundler Bundler
7.5
CVSSv3
CVE-2023-34105
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapsho...
Ossrs Simple Realtime Server
5.5
CVSSv3
CVE-2022-24725
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other...
Shescape Project Shescape
6.5
CVSSv3
CVE-2022-44267
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Imagemagick Imagemagick 7.1.0-49
4 Github repositories
8.2
CVSSv3
CVE-2019-2498
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unau...
Oracle E-business Suite 12.1.3
Oracle E-business Suite 12.2.5
Oracle E-business Suite 12.2.7
Oracle E-business Suite 12.1.1
Oracle E-business Suite 12.1.2
Oracle E-business Suite 12.2.3
Oracle E-business Suite 12.2.4
Oracle E-business Suite 12.2.6
Oracle E-business Suite 12.2.8
NA
CVE-2015-0219
Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 allows remote malicious users to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.6.9
Djangoproject Django 1.7
Djangoproject Django 1.6.5
Djangoproject Django 1.6.6
Djangoproject Django
Djangoproject Django 1.6
Djangoproject Django 1.6.7
Djangoproject Django 1.6.8
Djangoproject Django 1.6.3
Djangoproject Django 1.6.4
Djangoproject Django 1.7.1
Djangoproject Django 1.7.2