Vulmon Recent Vulnerabilities Trends About Contact

Recent vulnerabilities and exploits

NA
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
LinuxLinux Kernel
906
VMScore
CVE-2019-6989
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the...
Tp-linkTl-wr940n FirmwareTl-wr941nd Firmware
NA
CVE-2020-8515
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in...
DraytekVigor2960 FirmwareVigor300b FirmwareVigor3900 Firmware
NA
CVE-2020-0697
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM.To exploit the vulnerability, an authenticated attacker would need to place a specially...
MicrosoftOffice 365 Proplus
393
VMScore
CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP...
NodejsNode.jsFedoraprojectFedora
392
VMScore
CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted...
NodejsNode.jsSuseLinux Enterprise
445
VMScore
CVE-2018-12249
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c....
Mruby
668
VMScore
CVE-2018-11743
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact....
Mruby
445
VMScore
CVE-2018-12247
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag)....
Mruby
668
VMScore
CVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code....
Mruby
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-6809firefoxCVE-2020-0796firewallCVE-2020-8816frozennodeCVE-2015-7333mozillaCVE-2020-8910photoshop 2020CVE-2020-6806mass assignmentCSRF