Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
report project report vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script...
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Apport Project Apport -
4.3
CVSSv2
CVE-2020-10192
An issue exists in Munkireport prior to 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php.
Munkireport Project Munkireport
4.6
CVSSv2
CVE-2019-11484
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
Whoopsie Project Whoopsie -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
2.1
CVSSv2
CVE-2019-11483
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local malicious user to generate a crash report for a privileged process that is readable by an unprivileged user.
Apport Project Apport -
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
4.4
CVSSv2
CVE-2019-18932
log.c in Squid Analysis Report Generator (sarg) up to and including 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can ...
Squid Analysis Report Generator Project Squid Analysis Report Generator
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
6.8
CVSSv2
CVE-2019-19854
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges fro...
Serpico Project Serpico 1.3.0
3.5
CVSSv2
CVE-2019-19855
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
Serpico Project Serpico 1.3.0
3.5
CVSSv2
CVE-2019-19856
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
Serpico Project Serpico 1.3.0
5
CVSSv2
CVE-2019-19857
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the ...
Serpico Project Serpico 1.3.0
3.5
CVSSv2
CVE-2019-19858
An issue exists in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
Serpico Project Serpico 1.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »