Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
client vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-38034
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and previous versions) All UniFi Switches (...
Ui Unifi Uap Firmware
Ui Unifi Switch Firmware
9.8
CVSSv3
CVE-2023-39213
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client prior to 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
Zoom Virtual Desktop Infrastructure
Zoom Zoom
9.8
CVSSv3
CVE-2023-36534
Path traversal in Zoom Desktop Client for Windows prior to 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
Zoom Zoom
9.8
CVSSv3
CVE-2023-39216
Improper input validation in Zoom Desktop Client for Windows prior to 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
Zoom Zoom
9.8
CVSSv3
CVE-2023-36480
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it enc...
Aerospike Aerospike Java Client
9.8
CVSSv3
CVE-2023-1437
All versions before 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an malicious user to gain access to the remote file system and the...
Advantech Webaccess\\/scada
9.8
CVSSv3
CVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the som...
Envoyproxy Envoy
9.8
CVSSv3
CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH prior to 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this ...
Openbsd Openssh
Openbsd Openssh 9.3
Fedoraproject Fedora 37
Fedoraproject Fedora 38
10 Github repositories
9.8
CVSSv3
CVE-2023-37265
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch...
Icewhale Casaos 0.4.4
Icewhale Casaos
Icewhale Casaos-gateway
Icewhale Casaos-gateway 0.4.4
9.8
CVSSv3
CVE-2023-38336
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.
Netkit Netkit 0.17-24
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »