Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible tower vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-12652
libpng prior to 1.6.32 does not properly check the length of chunks against the user limit.
Libpng Libpng
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2019-18874
psutil (aka python-psutil) up to and including 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
Psutil Project Psutil
7.3
CVSSv3
CVE-2019-14866
In all versions of cpio prior to 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths ...
Gnu Cpio
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
8.1
CVSSv3
CVE-2019-17498
In libssh2 v1.9.0 and previous versions versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an malicious user to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclo...
Libssh2 Libssh2
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Element Software -
Netapp Ontap Select Deploy Administration Utility -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Bootstrap Os -
1 Github repository
9.1
CVSSv3
CVE-2020-12403
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions prior to 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly ...
Mozilla Nss
2 Github repositories
8.8
CVSSv3
CVE-2019-17546
tif_getimage.c in LibTIFF up to and including 4.0.10, as used in GDAL up to and including 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
Libtiff Libtiff
Osgeo Gdal
4.7
CVSSv3
CVE-2020-12401
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
7.3
CVSSv3
CVE-2020-7720
The package node-forge prior to 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Digitalbazaar Forge
1 Github repository
2.4
CVSSv3
CVE-2019-20386
An issue exists in button_open in login/logind-button.c in systemd prior to 243. When executing the udevadm trigger command, a memory leak may occur.
Systemd Project Systemd
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Opensuse Leap 15.1
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Active Iq Unified Manager -
7.1
CVSSv3
CVE-2020-5313
libImaging/FliDecode.c in Pillow prior to 6.2.2 has an FLI buffer overflow.
Python Pillow
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »