Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security news vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-18634
In Sudo prior to 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages...
Sudo Project Sudo
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
26 Github repositories
1 Article
NA
CVE-2012-1939
jsinfer.cpp in Mozilla Firefox ESR 10.x prior to 10.0.5 and Thunderbird ESR 10.x prior to 10.0.5 does not properly determine data types, which allows remote malicious users to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v...
Mozilla Firefox Esr 10.0.1
Mozilla Firefox Esr 10.0.2
Mozilla Firefox Esr 10.0.3
Mozilla Firefox Esr 10.0.4
Mozilla Firefox Esr 10.0
Mozilla Thunderbird Esr 10.0.3
Mozilla Thunderbird Esr 10.0.4
Mozilla Thunderbird Esr 10.0
Mozilla Thunderbird Esr 10.0.1
Mozilla Thunderbird Esr 10.0.2
7.4
CVSSv3
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Manageability Software Development Kit -
Netapp Storage Encryption -
Netapp E-series Santricity Os Controller
Mcafee Epolicy Orchestrator 5.10.0
Mcafee Epolicy Orchestrator
Tenable Tenable.sc
Tenable Nessus Network Monitor
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Zfs Storage Appliance Kit 8.8
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Mysql Server
Oracle Mysql Workbench
2 Github repositories
8.8
CVSSv3
CVE-2019-8556
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Apple Icloud
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Tvos
1 Article
8.8
CVSSv3
CVE-2019-7285
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Apple Icloud
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Tvos
1 Article
NA
CVE-2014-5204
wp-includes/pluggable.php in WordPress prior to 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force attack.
Debian Debian Linux 7.0
Wordpress Wordpress 3.9.0
Wordpress Wordpress
NA
CVE-2014-6495
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and previous versions, and 5.6.19 and previous versions, allows remote malicious users to affect availability via vectors related to SERVER:SSL:yaSSL.
Oracle Mysql
Oracle Solaris 11.3
Juniper Junos Space
Mariadb Mariadb
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Workstation Extension 12
NA
CVE-2012-5615
Oracle MySQL 5.5.38 and previous versions, 5.6.19 and previous versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote malicious ...
Mariadb Mariadb 5.5.28a
Oracle Mysql 5.5.19
Mariadb Mariadb 5.2.13
Mariadb Mariadb 5.1.66
Mariadb Mariadb 5.3.11
2 EDB exploits
NA
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
8.8
CVSSv3
CVE-2019-8536
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
Apple Icloud
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Tvos
Apple Watchos
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »