Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tower vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2017-18267
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler up to and including 0.64.0 allows remote malicious users to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Freedesktop Poppler
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 7.0
Debian Debian Linux 8.0
6.5
CVSSv3
CVE-2018-14679
An issue exists in mspack/chmd.c in libmspack prior to 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Cabextract Libmspack 0.6
Cabextract Libmspack 0.5
Cabextract Libmspack 0.4
Cabextract Libmspack 0.3
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Desktop 7.0
6.5
CVSSv3
CVE-2018-14680
An issue exists in mspack/chmd.c in libmspack prior to 0.7alpha. It does not reject blank CHM filenames.
Cabextract Libmspack 0.4
Cabextract Libmspack 0.3
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Cabextract Libmspack 0.5
Cabextract Libmspack 0.6
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Workstation 7.0
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 7.0
8.8
CVSSv3
CVE-2018-14681
An issue exists in kwajd_read_headers in mspack/kwajd.c in libmspack prior to 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Cabextract Libmspack 0.6
Cabextract Libmspack 0.4
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Cabextract Libmspack 0.5
Cabextract Libmspack 0.3
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux Workstation 7.0
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
8.8
CVSSv3
CVE-2018-14682
An issue exists in mspack/chmd.c in libmspack prior to 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Cabextract Libmspack 0.6
Cabextract Libmspack 0.5
Cabextract Libmspack 0.4
Cabextract Libmspack 0.0.20060920
Cabextract Libmspack 0.3
Cabextract Project Cabextract
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 9.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Ansible Tower 3.3
5.5
CVSSv3
CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript prior to 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Artifex Ghostscript
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Ansible Tower 3.3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
5.5
CVSSv3
CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript prior to 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Artifex Ghostscript
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Ansible Tower 3.3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 42.3
Opensuse Leap 15.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.3
CVSSv3
CVE-2020-7743
The package mathjs prior to 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
Mathjs Mathjs
6.1
CVSSv3
CVE-2020-25626
A flaw was found in Django REST Framework versions prior to 3.12.0 and prior to 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject m...
Encode Django Rest Framework
Redhat Ceph Storage 2.0
Debian Debian Linux 11.0
5.4
CVSSv3
CVE-2020-7676
angular.js before 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing cod...
Angularjs Angular.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »