Vulmon Recent Vulnerabilities Trends Blog About Contact

Recent vulnerabilities and exploits

3.3
CVSSv2
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
NA
CVE-2020-13995
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as...
NA
CVE-2020-7735
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option....
NA
CVE-2020-9961
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...
NA
CVE-2020-9941
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...
NA
CVE-2020-15521
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) ....
NA
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution....
NA
CVE-2020-26101
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549)....
NA
CVE-2020-26103
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551)....
NA
CVE-2020-26110
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564)....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-3480CVE-2020-3559encryptionreflected XSSCVE-2020-3408CVE-2020-1472CVE-2020-13629firmwareCVE-2020-3488