Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
operations agent vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-28019
Exim 4 prior to 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
Exim Exim
445
VMScore
CVE-2020-28023
Exim 4 prior to 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
Exim Exim
829
VMScore
CVE-2020-28026
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote malicious...
Exim Exim
2 Github repositories
641
VMScore
CVE-2020-28010
Exim 4 prior to 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
Exim Exim
641
VMScore
CVE-2020-28011
Exim 4 prior to 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
Exim Exim
641
VMScore
CVE-2020-28012
Exim 4 prior to 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
Exim Exim
668
VMScore
CVE-2020-28024
Exim 4 prior to 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
Exim Exim
445
VMScore
CVE-2020-28025
Exim 4 prior to 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
Exim Exim
505
VMScore
CVE-2016-0736
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnera...
Apache Http Server 2.4.1
Apache Http Server 2.4.20
Apache Http Server 2.4.6
Apache Http Server 2.4.0
Apache Http Server 2.4.12
Apache Http Server 2.4.3
Apache Http Server 2.4.23
Apache Http Server 2.4.8
Apache Http Server 2.4.10
Apache Http Server 2.4.7
Apache Http Server 2.4.14
Apache Http Server 2.4.22
Apache Http Server 2.4.2
Apache Http Server 2.4.19
Apache Http Server 2.4.16
Apache Http Server 2.4.9
Apache Http Server 2.4.21
1 EDB exploit
641
VMScore
CVE-2020-28008
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to c...
Exim Exim
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »