Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
allegro vulnerabilities and exploits
(subscribe to this query)
6.2
CVSSv2
CVE-2021-42110
An issue exists in Allegro Windows (formerly Popsy Windows) prior to 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
Allegro Allegro
5.5
CVSSv2
CVE-2021-43978
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.
Allegro Allegro 3.3.4152.0
NA
CVE-2021-36489
Buffer Overflow vulnerability in Allegro up to and including 5.2.6 allows malicious users to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.
Liballeg Allegro
NA
CVE-2023-25392
Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.
Allegro Bigflow
7.5
CVSSv2
CVE-2000-0470
Allegro RomPager HTTP server allows remote malicious users to cause a denial of service via a malformed authentication request.
Allegro Rom Pager 2.10
1 EDB exploit
10
CVSSv2
CVE-2014-9222
AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Allegrosoft Rompager
4 Metasploit modules
1 Nmap script
3 Github repositories
2 Articles
NA
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml -
NA
CVE-2024-24592
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote malicious user to arbitrarily access, create, modify and delete files.
Clear Clearml
NA
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Clear Clearml
NA
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.
Clear Clearml
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »