Vulmon
compound vulnerabilities and exploits
7.5
CVSSv3
CVE-2019-20809
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 up to and including 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings.
Compound Price Oracle
NA
CVE-2023-52442
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session() will always return the first request smb2 header in a compound request. if `SMB2_...
NA
CVE-2015-4655
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) prior to 5.2-5565 Update 1 allows remote malicious users to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
Synology Diskstation Manager
NA
CVE-2009-3930
Multiple integer overflows in Christos Zoulas file prior to 5.02 allow user-assisted remote malicious users to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
Christos Zoulas File 5.00
Christos Zoulas File 4.26
Christos Zoulas File 4.17
Christos Zoulas File 4.16
Christos Zoulas File 4.15
Christos Zoulas File 4.07
Christos Zoulas File 4.06
Christos Zoulas File 3.39
Christos Zoulas File 3.38
Christos Zoulas File
Christos Zoulas File 4.23
Christos Zoulas File 4.21
Christos Zoulas File 4.12
Christos Zoulas File 4.11
Christos Zoulas File 4.02
Christos Zoulas File 4.01
Christos Zoulas File 3.34
Christos Zoulas File 3.33
Christos Zoulas File 4.20
Christos Zoulas File 4.19
Christos Zoulas File 4.09
Christos Zoulas File 4.08
6.5
CVSSv3
CVE-2018-20802
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions before 3.6.9 and MongoDB Server v4.0 versions before 4.0.3.
Mongodb Mongodb
7.8
CVSSv3
CVE-2016-5646
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnera...
Lexmark Perceptive Document Filters 11.2.0.1732
NA
CVE-2005-1678
Groove Virtual Office prior to 3.1 build 2338, prior to 3.1a build 2364, and Groove Workspace prior to 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote malicious users to trick users into execut...
Groove Groove Workspace
Groove Virtual Office
5.5
CVSSv3
CVE-2018-5201
Hancom Office 2018 10.0.0.8214 and previous versions, Hancom Office NEO 9.6.1.10472 and previous versions, Hancom Office 2014 9.1.1.4540 and previous versions, Hancom Office 2010 8.5.8.1724 and previous versions have a heap overflow vulnerability when handling Compound F...
Hancom Hancom Office 2018
Hancom Hancom Office 2014
Hancom Hancom Office 2010
Hancom Hancom Office Neo
NA
CVE-2010-3475
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled...
Ibm Db2 9.7
Ibm Db2 9.7.0.1
Ibm Db2 9.7.0.2
NA
CVE-2007-0026
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote malicious users to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
Microsoft Windows 2000
Microsoft Windows 2003 Server Sp1
Microsoft Windows Xp