Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable securitycenter vulnerabilities and exploits
(subscribe to this query)
614
VMScore
CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl prior to 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in ...
Haxx Curl
1 Github repository
384
VMScore
CVE-2013-4517
Apache Santuario XML Security for Java prior to 1.5.6, when applying Transforms, allows remote malicious users to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Apache Santuario Xml Security For Java 1.4.1
Apache Santuario Xml Security For Java 1.4.2
Apache Santuario Xml Security For Java 1.4.3
Apache Santuario Xml Security For Java 1.3.0
Apache Santuario Xml Security For Java 1.4.5
Apache Santuario Xml Security For Java 1.4.4
Apache Santuario Xml Security For Java 1.5.1
Apache Santuario Xml Security For Java 1.4.8
Apache Santuario Xml Security For Java 1.4.6
Apache Santuario Xml Security For Java 1.4.0
Apache Santuario Xml Security For Java 1.5.2
Apache Santuario Xml Security For Java 1.5.4
Apache Santuario Xml Security For Java 1.5.3
Apache Santuario Xml Security For Java 1.4.7
Apache Santuario Xml Security For Java 1.5.0
Apache Santuario Xml Security For Java 1.2.1
Apache Santuario Xml Security For Java
Apache Santuario Xml Security For Java 1.2.0
NA
CVE-2017-11146
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none
384
VMScore
CVE-2016-0704
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher sui...
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.1
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.2
Openssl Openssl 1.0.1k
668
VMScore
CVE-2015-8387
PCRE prior to 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote malicious users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...
Pcre Perl Compatible Regular Expression Library
Fedoraproject Fedora 22
Php Php
446
VMScore
CVE-2015-8393
pcregrep in PCRE prior to 8.38 mishandles the -q option for binary files, which might allow remote malicious users to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
Pcre Perl Compatible Regular Expression Library
Fedoraproject Fedora 22
Php Php
668
VMScore
CVE-2015-8389
PCRE prior to 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote malicious users to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...
Pcre Perl Compatible Regular Expression Library
Fedoraproject Fedora 22
Php Php
460
VMScore
CVE-2016-0703
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in...
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.0n
Openssl Openssl 1.0.1
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.0p
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.0o
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.2
Openssl Openssl 1.0.1k
2 Nmap scripts
1 Github repository
383
VMScore
CVE-2014-3511
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 prior to 1.0.1i allows man-in-the-middle malicious users to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS version...
Openssl Openssl 1.0.1
Openssl Openssl 1.0.0c
Openssl Openssl 1.0.0i
Openssl Openssl 1.0.0
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.0m
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.0h
Openssl Openssl 1.0.0e
Openssl Openssl 1.0.0f
Openssl Openssl 1.0.0d
Openssl Openssl 1.0.0j
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.0k
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1e
Openssl Openssl 1.0.1f
Openssl Openssl 1.0.0l
Openssl Openssl 1.0.0a
Openssl Openssl 1.0.0b
1 Github repository
450
VMScore
CVE-2014-0098
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server prior to 2.4.8 allows remote malicious users to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Apache Http Server
Oracle Secure Global Desktop 4.71
Oracle Http Server 12.1.3.0
Oracle Secure Global Desktop 4.63
Oracle Http Server 12.1.2.0
Oracle Http Server 11.1.1.7.0
Oracle Http Server 10.1.3.5.0
Oracle Secure Global Desktop 5.0
Oracle Secure Global Desktop 5.1
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »