Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux 8.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-17669
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2019-17675
WordPress prior to 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.4
CVSSv3
CVE-2017-17092
wp-includes/functions.php in WordPress prior to 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote malicious users to conduct XSS attacks via a crafted file.
Wordpress Wordpress
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.4
CVSSv3
CVE-2017-17093
wp-includes/general-template.php in WordPress prior to 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow malicious users to conduct XSS attacks via the language setting of a site.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 7.0
NA
CVE-2014-2983
Drupal 6.x prior to 6.31 and 7.x prior to 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
Drupal Drupal
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2017-6928
Drupal core 7.x versions prior to 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access...
Drupal Drupal
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4....
Drupal Drupal
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4.7
CVSSv3
CVE-2017-6932
Drupal core 7.x versions prior to 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an malicious user to trick users into unwillingly...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-16664
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 prior to 5.0.24, 4 prior to 4.0.26, and 3.3 prior to 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
Otrs Otrs
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2017-16854
In Open Ticket Request System (OTRS) up to and including 3.3.20, 4 up to and including 4.0.26, 5 up to and including 5.0.24, and 6 up to and including 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of thei...
Otrs Otrs
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »