Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux 1.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-28346
An issue exists in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7 Github repositories
9.8
CVSSv3
CVE-2022-28347
A SQL injection issue exists in QuerySet.explain() in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
Djangoproject Django
Debian Debian Linux 11.0
2 Github repositories
9.8
CVSSv3
CVE-2020-11651
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user toke...
Saltstack Salt
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Vmware Application Remote Collector 8.0.0
Vmware Application Remote Collector 7.5.0
17 Github repositories
4 Articles
9.8
CVSSv3
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j...
Apache Log4j
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Opensuse Leap 15.1
Netapp Oncommand Workflow Automation -
Netapp Oncommand System Manager
Oracle Retail Service Backbone 14.1
Oracle Weblogic Server 12.1.3.0.0
Oracle Retail Service Backbone 15.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Endeca Information Discovery Studio 3.2.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Rapid Planning 12.1
Oracle Rapid Planning 12.2
Oracle Financial Services Lending And Leasing
Oracle Financial Services Lending And Leasing 12.5.0
Oracle Communications Network Integrity
18 Github repositories
1 Article
9.8
CVSSv3
CVE-2019-17531
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.0.0 up to and including 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in ...
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Oracle Banking Platform 2.4.0
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Banking Platform 2.4.1
Oracle Primavera Gateway 16.1
Oracle Primavera Gateway 16.2
Oracle Banking Platform 2.5.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Jd Edwards Enterpriseone Orchestrator 9.2
Oracle Banking Platform 2.6.0
Oracle Banking Platform 2.6.1
Oracle Banking Platform 2.6.2
Oracle Weblogic Server 12.2.1.4.0
Oracle Webcenter Sites 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
2 Github repositories
9.8
CVSSv3
CVE-2017-12865
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and previous versions allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
Intel Connman
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2015-7871
Crypto-NAK packets in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to bypass authentication.
Ntp Ntp 4.2.5
Ntp Ntp
Ntp Ntp 4.2.8
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
9.8
CVSSv3
CVE-2016-8863
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) prior to 1.6.21 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in ...
Libupnp Project Libupnp
Debian Debian Linux 8.0
1 Github repository
9.8
CVSSv3
CVE-2005-0102
Integer overflow in camel-lock-helper in Evolution 2.0.2 and previous versions allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
Gnome Evolution
Debian Debian Linux 3.0
9.1
CVSSv3
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »