Vulmon Recent Vulnerabilities Trends About Contact

Recent vulnerabilities and exploits

7.5
CVSSv2
CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute...
Mruby
5
CVSSv2
CVE-2018-12248
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber....
Mruby
4.3
CVSSv2
CVE-2010-1899
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter...
MicrosoftInternet Information Server
9.3
CVSSv2
CVE-2010-2730
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."...
MicrosoftInternet Information Server
10
CVSSv2
CVE-2010-3972
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash)...
MicrosoftInternet Information Server
2.1
CVSSv2
CVE-2012-2531
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."...
MicrosoftInternet Information Server
5
CVSSv2
CVE-2012-2532
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection...
MicrosoftFtp ServiceInternet Information Server
8.5
CVSSv2
CVE-2010-1256
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka...
MicrosoftInternet Information Server
NA
CVE-2020-8816
Pi-hole is affected by a Remote Code Execution vulnerability. An authenticated user of the Web portal can execute arbitrary command with the underlying server with the privileges of the local user executing the service. Exploitation of this vulnerability can be automated....
9.3
CVSSv2
CVE-2016-0034
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution...
MicrosoftSilverlight
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-6809firefoxCVE-2020-0796firewallCVE-2020-8816frozennodeCVE-2015-7333mozillaCVE-2020-8910photoshop 2020CVE-2020-6806mass assignmentCSRF