Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-7219
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 prior to 135.8/135.12, 10.5 prior to 65.11, 11.0 prior to 70.12, and 11.1 prior to 52.13 allows a remote authenticated malicious user to run arbitrary commands via unspecified vectors.
Citrix Netscaler Gateway Firmware 11.0
Citrix Netscaler Gateway Firmware 11.1
Citrix Netscaler Gateway Firmware 10.1
Citrix Netscaler Gateway Firmware 10.5
5.4
CVSSv3
CVE-2022-29230
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydro...
Shopify Hydrogen
6.1
CVSSv3
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT prior to 2.1.1 allows remote malicious users to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged ...
Mantisbt Mantisbt
6.5
CVSSv3
CVE-2022-29232
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a pa...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.4
5.5
CVSSv3
CVE-2017-7224
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
Gnu Binutils 2.28
7.5
CVSSv3
CVE-2017-7227
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
Gnu Binutils 2.28
4.3
CVSSv3
CVE-2022-29234
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participan...
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2022-29235
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the ...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
4.3
CVSSv3
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previous...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2022-29237
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current ...
Apereo Opencast
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »