Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-35587 vulnerabilities and exploits

(subscribe to this query)

7.5
CVE-2022-24999
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack...
Qs Project QsQs Project Qs 6.4.0Qs Project Qs 6.6.0Openjsf ExpressDebian Debian Linux 10.0
NA
CVE-2022-23093
Security Advisory The FreeBSD Project: Stack overflow in ping. ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted...
8.7
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability...
Grafana GrafanaNetapp E-series Performance Analyzer -
10
CVSSv3
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...
Apache Struts 2.3.11Apache Struts 2.3.12Apache Struts 2.3.15.1Apache Struts 2.3.15.2Apache Struts 2.3.19Apache Struts 2.3.20Apache Struts 2.3.20.1Apache Struts 2.3.24.1Apache Struts 2.3.24.2Apache Struts 2.3.29Apache Struts 2.3.30Apache Struts 2.3.10Apache Struts 2.3.14.3Apache Struts 2.3.15Apache Struts 2.3.16.3Apache Struts 2.3.17Apache Struts 2.3.23Apache Struts 2.3.24Apache Struts 2.3.28Apache Struts 2.3.28.1Apache Struts 2.3.8Apache Struts 2.3.9Apache Struts 2.3.13Apache Struts 2.3.14Apache Struts 2.3.15.3Apache Struts 2.3.16Apache Struts 2.3.20.2Apache Struts 2.3.20.3Apache Struts 2.3.24.3Apache Struts 2.3.25Apache Struts 2.3.31Apache Struts 2.3.5Apache Struts 2.3.14.1Apache Struts 2.3.14.2Apache Struts 2.3.16.1Apache Struts 2.3.16.2Apache Struts 2.3.21Apache Struts 2.3.22Apache Struts 2.3.26Apache Struts 2.3.27Apache Struts 2.3.6Apache Struts 2.3.7Apache Struts 2.5.4Apache Struts 2.5.6Apache Struts 2.5.7Apache Struts 2.5.10Apache Struts 2.5.3Apache Struts 2.5.5Apache Struts 2.5.8Apache Struts 2.5.9Apache Struts 2.5Apache Struts 2.5.1Apache Struts 2.5.2
7.5
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to...
Openssl OpensslFedoraproject Fedora 36Fedoraproject Fedora 37Netapp Clustered Data Ontap -Fedoraproject Fedora 26Fedoraproject Fedora 27Nodejs Node.js 19.0.0Nodejs Node.js 18.12.0Nodejs Node.js
9.8
CVE-2022-4116
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution....
Redhat Build Of Quarkus -Quarkus Quarkus
8.2
CVE-2022-4020
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable....
Acer Aspire A315-22g Firmware -Acer Aspire A115-21 Firmware -Acer Aspire A315-22 Firmware -Acer Extensa Ex215-21 Firmware -Acer Extensa Ex215-21g Firmware -
9.6
CVE-2022-4135
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)...
Google ChromeMicrosoft EdgeMicrosoft Edge Chromium
9.8
CVSSv3
CVE-2020-2883
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Weblogic Server 12.1.3.0.0Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0
9.1
CVSSv3
CVE-2020-3187
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to...
Cisco Firepower Threat DefenseCisco Asa 5505 Firmware 9.6\\(4\\)Cisco Asa 5510 Firmware 9.6\\(4\\)Cisco Asa 5512-x Firmware 9.6\\(4\\)Cisco Asa 5515-x Firmware 9.6\\(4\\)Cisco Asa 5520 Firmware 9.6\\(4\\)Cisco Asa 5525-x Firmware 9.6\\(4\\)Cisco Asa 5540 Firmware 9.6\\(4\\)Cisco Asa 5545-x Firmware 9.6\\(4\\)Cisco Asa 5550 Firmware 9.6\\(4\\)Cisco Asa 5555-x Firmware 9.6\\(4\\)Cisco Asa 5580 Firmware 9.6\\(4\\)Cisco Asa 5585-x Firmware 9.6\\(4\\)Cisco Adaptive Security Appliance
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2023-21068CVE-2023-21077unspecifiedCVE-2023-21070CVE-2023-21016file upload
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook