Vulmon
bootstrap vulnerabilities and exploits
10
CVSSv2
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of sys...
Bitdefender Box 2 Firmware 2.1.47.42
Bitdefender Box 2 Firmware 2.1.53.45
10
CVSSv2
CVE-2019-10842
Arbitrary code execution (via backdoor code) exists in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary cod...
Getbootstrap Bootstrap-sass 3.2.0.3
1 Github repository
10
CVSSv2
CVE-2017-3831
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote malicious user to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementatio...
Cisco Aironet Access Point Software 8.1(112.3)
Cisco Aironet Access Point Software 8.1(112.4)
Cisco Aironet Access Point Software 8.1(15.14)
Cisco Aironet Access Point Software 8.1(131.0)
9.3
CVSSv2
CVE-2017-18641
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Linuxcontainers Lxc 2.0.0
9.3
CVSSv2
CVE-2019-17096
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
Bitdefender Box 2 Firmware -
Bitdefender Central
8.3
CVSSv2
CVE-2018-0167
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent malicious user to cause a denial of service (DoS) condition or execute a...
Cisco Ios Xr 5.2.0.base
Cisco Ios 5.2.0.base
Cisco Ios Xe 5.2.0.base
7.9
CVSSv2
CVE-2018-0175
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent malicious user to cause a denial of service (DoS) condition or execute arbitrary code...
Cisco Ios 15.4(3)m4.1
Cisco Ios Xe 15.4(3)m4.1
Cisco Ios Xr 15.4(3)m4.1
7.9
CVSSv2
CVE-2017-5661
In Apache FOP prior to 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the use...
Apache Formatting Objects Processor
7.8
CVSSv2
CVE-2018-0136
A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote malicious user to trigger a reload of one or more Trident-based line cards, resulting in a denial of ser...
Cisco Ios Xr 5.3.4
7.8
CVSSv2
CVE-2016-6355
Memory leak in Cisco IOS XR 5.1.x up to and including 5.1.3, 5.2.x up to and including 5.2.5, and 5.3.x up to and including 5.3.2 on ASR 9001 devices allows remote malicious users to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug...
Cisco Ios Xr 5.1.3
Cisco Ios Xr 5.2.0
Cisco Ios Xr 5.3.2
Cisco Ios Xr 5.2.3
Cisco Ios Xr 5.2.1
Cisco Ios Xr 5.2.2
Cisco Ios Xr 5.2.5
Cisco Ios Xr 5.1.1
Cisco Ios Xr 5.1.2
Cisco Ios Xr 5.3.1
Cisco Ios Xr 5.2.4
Cisco Ios Xr 5.1.0
Cisco Ios Xr 5.3.0
Cisco Ios Xr 5.1.1.k9sec