Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
anchor vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2017-7494
Samba since version 3.5.0 and prior to 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Samba Samba
Debian Debian Linux 8.0
2 EDB exploits
2 Nmap scripts
129 Github repositories
3 Articles
958
VMScore
CVE-2018-11776
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or...
Apache Struts
3 EDB exploits
45 Github repositories
3 Articles
828
VMScore
CVE-2009-1708
Apple Safari prior to 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote malicious users to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
Apple Safari 3.1.2
Apple Safari 3.2.1
Apple Safari 0.9
Apple Safari 1.3.2
Apple Safari 1.2
Apple Safari 3.0.4
Apple Safari 3.0.3
Apple Safari 1.3.1
Apple Safari 2.0.4
Apple Safari 3.0
Apple Safari 3.2.3
Apple Safari 1.1
Apple Safari
Apple Safari 3.1
Apple Safari 2.0
Apple Safari 3.0.2
Apple Safari 1.0.3
Apple Safari 1.0
Apple Safari 2.0.2
Apple Safari 3.1.1
Apple Safari 1.3
Apple Safari 0.8
801
VMScore
CVE-2019-1862
A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote malicious user to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected softwa...
Cisco Ios Xe 16.3.7
1 Article
755
VMScore
CVE-2004-1104
Microsoft Internet Explorer 6.0 SP2 allows remote malicious users to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href&q...
Microsoft Ie 6.0
1 EDB exploit
750
VMScore
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote malicious users to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Cavium Nitrox V Ssl Sdk
Cavium Nitrox Ssl Sdk
Cavium Turbossl Sdk
Cavium Octeon Ssl Sdk
Cavium Octeon Sdk
Cisco Webex Meetings T31
Cisco Webex Meetings T32
Cisco Webex Conect Im 7.24.1
Cisco Ace4710 Application Control Engine Firmware 3.0(0)a5(2.0)
Cisco Ace4710 Application Control Engine Firmware 3.0(0)a5(3.0)
Cisco Ace4710 Application Control Engine Firmware 3.0(0)a5(3.5)
Cisco Ace30 Application Control Engine Module Firmware 3.0(0)a5(2.0)
Cisco Ace30 Application Control Engine Module Firmware 3.0(0)a5(3.0)
Cisco Ace30 Application Control Engine Module Firmware 3.0(0)a5(3.5)
Cisco Adaptive Security Appliance 5520 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5540 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5550 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5510 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5505 Firmware 9.1(7.16)
720
VMScore
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
175 Github repositories
7 Articles
691
VMScore
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2.3.1.1
Apache Struts 2.5.9
Apache Struts 2.2.3.1
Apache Struts 2.3.28
Apache Struts 2.3.15
Apache Struts 2.5.2
Apache Struts 2.3.14
Apache Struts 2.3.32
Apache Struts 2.2.1
Apache Struts 2.3.16
Apache Struts 2.5.10
Apache Struts 2.3.24.1
Apache Struts 2.5.6
Apache Struts 2.1.8.1
Apache Struts 2.3.3
Apache Struts 2.3.16.3
Apache Struts 2.3.4
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.1.5
Apache Struts 2.3.24.3
Apache Struts 2.3.15.2
1 EDB exploit
20 Github repositories
3 Articles
668
VMScore
CVE-2019-8531
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certific...
Apple Mac Os X
Apple Iphone Os
Apple Watchos
668
VMScore
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Cr...
Atlassian Fisheye
Atlassian Crucible
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »