Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sense of security vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-26960
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
4.3
CVSSv3
CVE-2020-16012
Side-channel information leakage in graphics in Google Chrome before 87.0.4280.66 allowed a remote malicious user to leak cross-origin data via a crafted HTML page.
Google Chrome
Mozilla Firefox
1 Github repository
8.8
CVSSv3
CVE-2020-26974
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.5
CVSSv3
CVE-2020-16042
Uninitialized Use in V8 in Google Chrome before 87.0.4280.88 allowed a remote malicious user to obtain potentially sensitive information from process memory via a crafted HTML page.
Google Chrome
NA
CVE-2011-0959
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) prior to 8.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do,...
Cisco Unified Operations Manager 2.2
Cisco Unified Operations Manager 2.0
Cisco Unified Operations Manager 2.0.1
Cisco Unified Operations Manager
Cisco Unified Operations Manager 2.0.2
Cisco Unified Operations Manager 1.1
Cisco Unified Operations Manager 2.3
Cisco Unified Operations Manager 2.1
Cisco Unified Operations Manager 8.0
Cisco Unified Operations Manager 2.0.3
6 EDB exploits
8.5
CVSSv3
CVE-2021-39153
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote malicious user to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the...
Xstream Project Xstream
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapmanager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Communications Unified Inventory Management 7.4.1
NA
CVE-2011-0962
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) prior to 8.6 allows remote malicious users to inject arbitrary web script or HTML via the tag parameter, a...
Cisco Unified Operations Manager 2.2
Cisco Unified Operations Manager 2.0
Cisco Unified Operations Manager 2.0.1
Cisco Unified Operations Manager
Cisco Unified Operations Manager 2.0.2
Cisco Unified Operations Manager 1.1
Cisco Unified Operations Manager 2.3
Cisco Unified Operations Manager 2.1
Cisco Unified Operations Manager 8.0
Cisco Unified Operations Manager 2.0.3
2 EDB exploits
5.8
CVSSv3
CVE-2021-29474
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if y...
Hedgedoc Hedgedoc
NA
CVE-2024-28236
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like `parameters`, `image` and `entrypoint` to inject secrets into a plugin/image and — by us...
NA
CVE-2010-3847
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) up to and including 2.11.2, and 2.12.x up to and including 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic...
Gnu Glibc 2.2.2
Gnu Glibc 2.9
Gnu Glibc 2.7
Gnu Glibc 2.1.2
Gnu Glibc 2.11
Gnu Glibc 2.0.5
Gnu Glibc 2.2.5
Gnu Glibc 2.0.6
Gnu Glibc 2.10.1
Gnu Glibc 1.00
Gnu Glibc 1.06
Gnu Glibc 2.1.1
Gnu Glibc 1.02
Gnu Glibc 2.0.3
Gnu Glibc 1.07
Gnu Glibc 2.3.1
Gnu Glibc 2.3
Gnu Glibc 2.12.0
Gnu Glibc 2.0
Gnu Glibc 2.1.1.6
Gnu Glibc 1.04
Gnu Glibc 1.01
4 EDB exploits
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »