Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
allegro vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-42110
An issue exists in Allegro Windows (formerly Popsy Windows) prior to 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
Allegro Allegro
8.1
CVSSv3
CVE-2021-43978
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.
Allegro Allegro 3.3.4152.0
5.9
CVSSv3
CVE-2023-25392
Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.
Allegro Bigflow
6.5
CVSSv3
CVE-2021-36489
Buffer Overflow vulnerability in Allegro up to and including 5.2.6 allows malicious users to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.
Liballeg Allegro
NA
CVE-2000-0470
Allegro RomPager HTTP server allows remote malicious users to cause a denial of service via a malformed authentication request.
Allegro Rom Pager 2.10
1 EDB exploit
NA
CVE-2014-9222
AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Allegrosoft Rompager
4 Metasploit modules
1 Nmap script
3 Github repositories
2 Articles
7.1
CVSSv3
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml -
9.8
CVSSv3
CVE-2024-24592
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote malicious user to arbitrarily access, create, modify and delete files.
Clear Clearml
8.8
CVSSv3
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Clear Clearml
8.8
CVSSv3
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.
Clear Clearml
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »