Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qualys security advisory vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-28014
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
Exim Exim
9.8
CVSSv3
CVE-2020-28022
Exim 4 prior to 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
Exim Exim
7.5
CVSSv3
CVE-2020-28023
Exim 4 prior to 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
Exim Exim
9.8
CVSSv3
CVE-2020-28024
Exim 4 prior to 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
Exim Exim
7.5
CVSSv3
CVE-2020-28025
Exim 4 prior to 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
Exim Exim
9.8
CVSSv3
CVE-2020-28026
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote malicious...
Exim Exim
2 Github repositories
7.5
CVSSv3
CVE-2020-28019
Exim 4 prior to 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
Exim Exim
7.8
CVSSv3
CVE-2020-28008
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to c...
Exim Exim
5.3
CVSSv3
CVE-2022-39046
An issue exists in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Gnu Glibc 2.36
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp Ontap Select Deploy Administration Utility -
5.5
CVSSv3
CVE-2021-3995
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local malicious user to unmount FUSE filesystems that belong to certain other users who have a UID that is...
Kernel Util-linux
Fedoraproject Fedora 35
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »