Vulmon
compound vulnerabilities and exploits
NA
CVE-2009-1515
Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote malicious users to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details...
Christos Zoulas File 5.00
NA
CVE-2010-0126
Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote malicious users to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is n...
Autonomy Keyview Export Sdk 10.9
Autonomy Keyview Filter Sdk 10.4
Autonomy Keyview Export Sdk 10.4
Autonomy Keyview Viewer Sdk 10.9
Autonomy Keyview Filter Sdk 10.9
Autonomy Keyview Viewer Sdk 10.4
NA
CVE-2005-0063
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote malicious users to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), a...
Microsoft Windows 2003 Server Standard
Microsoft Windows 2003 Server Web
Microsoft Windows Xp
Microsoft Windows 2000
Microsoft Windows 98
Microsoft Windows 98se
Microsoft Windows Me
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server R2
1 EDB exploit
9.8
CVSSv3
CVE-2022-47939
An issue exists in ksmbd in the Linux kernel 5.15 up to and including 5.19 prior to 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
Linux Linux Kernel
NA
CVE-2005-0044
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote malicious users to execute arbitrary code, aka the "Input Validation Vulnerability."...
Microsoft Exchange Server 5.0
Microsoft Windows 98
Microsoft Windows 98se
Microsoft Windows Xp
Microsoft Windows 2000
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server Enterprise 64-bit
Microsoft Windows Me
Microsoft Windows 2003 Server R2
Microsoft Windows 2003 Server Standard
Microsoft Windows 2003 Server Web
NA
CVE-2012-0213
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and previous versions allows remote malicious users to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel D...
Apache Poi 3.8
Apache Poi 3.5
Apache Poi 3.1
Apache Poi 3.0.2
Apache Poi 3.0
Apache Poi 2.5.1
Apache Poi 2.5
Apache Poi 1.10
Apache Poi 1.8
Apache Poi 1.0.1
Apache Poi 1.0.0
Apache Poi 0.5
Apache Poi 0.4
Apache Poi
Apache Poi 3.7
Apache Poi 3.6
Apache Poi 3.2
Apache Poi 3.0.1
Apache Poi 2.0
Apache Poi 1.5
Apache Poi 1.2.0
Apache Poi 0.12.0
8.1
CVSSv3
CVE-2022-47943
An issue exists in ksmbd in the Linux kernel 5.15 up to and including 5.19 prior to 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.
Linux Linux Kernel
5.9
CVSSv3
CVE-2017-17664
A Remote Crash issue exists in Asterisk Open Source 13.x prior to 13.18.4, 14.x prior to 14.7.4, and 15.x prior to 15.1.4 and Certified Asterisk prior to 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
Digium Asterisk
Digium Certified Asterisk 13.13
Digium Certified Asterisk
NA
CVE-2024-26640
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must n...
9.8
CVSSv3
CVE-2020-11656
In SQLite up to and including 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Sqlite Sqlite
Netapp Ontap Select Deploy Administration Utility -
Oracle Communications Network Charging And Control 6.0.1
Oracle Communications Network Charging And Control
Oracle Communications Network Charging And Control 12.0.2
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Mysql
Oracle Mysql Workbench
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Messaging Server 8.1
Siemens Sinec Infrastructure Network Services
Tenable Tenable.sc