Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crlf vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-21899
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions...
Qnap Qts 5.1.3.2578
Qnap Quts Hero H5.1.3.2578
Qnap Qts 4.5.4.2627
Qnap Quts Hero H4.5.4.2626
Qnap Qts
Qnap Qutscloud
Qnap Quts Hero
3 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-36049
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Microsoft .net Framework 2.0
Microsoft .net Framework 3.0
Microsoft .net Framework 3.5
Microsoft .net Framework 4.6.2
Microsoft .net Framework 4.7
Microsoft .net Framework 4.7.1
Microsoft .net Framework 4.7.2
Microsoft .net Framework 4.8
Microsoft .net Framework 4.8.1
Microsoft .net Framework 3.5.1
Microsoft .net 8.0.0
Microsoft .net
Microsoft Visual Studio 2022
9.8
CVSSv3
CVE-2021-42010
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.
Apache Heron
9.8
CVSSv3
CVE-2021-27132
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
Sercomm Agcombo Vd625 Firmware Agsot 2.1.0
9.8
CVSSv3
CVE-2020-15690
In Nim prior to 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
Nim-lang Nim
9.8
CVSSv3
CVE-2020-27619
In Python 3 up to and including 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Python Python
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.0
9.8
CVSSv3
CVE-2014-8089
SQL injection vulnerability in Zend Framework prior to 1.12.9, 2.2.x prior to 2.2.8, and 2.3.x prior to 2.3.3, when using the sqlsrv PHP extension, allows remote malicious users to execute arbitrary SQL commands via a null byte.
Zend Zend Framework
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 21
9.8
CVSSv3
CVE-2019-19330
The HTTP/2 implementation in HAProxy prior to 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Haproxy Haproxy
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2019-10160
A security regression of CVE-2019-9636 exists in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an malicious user to exploit CVE-2019-9636 by abusing the user and password p...
Python Python
Python Python 3.8.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Virtualization 4.0
Netapp Cloud Backup -
9.8
CVSSv3
CVE-2019-5434
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploi...
Revive-sas Revive Adserver
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »