Vulmon Recent Vulnerabilities Trends Blog About Contact

Recent vulnerabilities and exploits

NA
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
NA
CVE-2020-13995
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as...
NA
CVE-2020-7735
The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option....
NA
CVE-2020-9961
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...
NA
CVE-2020-9941
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...
NA
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution....
NA
CVE-2020-15521
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) ....
NA
CVE-2020-26109
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557)....
NA
CVE-2020-26105
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554)....
NA
CVE-2020-26106
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558)....
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-3480CVE-2020-3559encryptionreflected XSSCVE-2020-3408CVE-2020-1472CVE-2020-13629firmwareCVE-2020-3488