Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deep security vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2023-5841
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as...
Openexr Openexr
7.8
CVSSv3
CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local malicious user to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to exe...
Trendmicro Deep Security 20.0
Trendmicro Deep Security Agent 20.0
7.8
CVSSv3
CVE-2023-52337
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local malicious user to escalate privileges on affected installations. Please note: an attacker must first obtain the ability ...
Trendmicro Deep Security 20.0
Trendmicro Deep Security Agent 20.0
5.9
CVSSv3
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
9 Github repositories
1 Article
5.3
CVSSv3
CVE-2023-28968
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic app...
Juniper Appid Service Sigpack
Juniper Jdpi-decoder Engine
Juniper Junos 19.1
Juniper Junos 19.2
Juniper Junos 19.3
Juniper Junos 19.4
Juniper Junos 20.1
Juniper Junos 20.2
Juniper Junos 20.3
Juniper Junos 20.4
Juniper Junos 21.1
Juniper Junos 21.2
Juniper Junos 21.3
Juniper Junos 21.4
Juniper Junos 22.1
Juniper Junos 22.2
Juniper Junos 22.3
6.5
CVSSv3
CVE-2022-42321
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of ...
Xen Xen -
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-42003
In FasterXML jackson-databind prior to 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
6 Github repositories
7.5
CVSSv3
CVE-2022-42004
In FasterXML jackson-databind prior to 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
4 Github repositories
3.3
CVSSv3
CVE-2022-40707
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local malicious user to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execut...
Trendmicro Deep Security Agent 20.0
3.3
CVSSv3
CVE-2022-40708
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local malicious user to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execut...
Trendmicro Deep Security Agent 20.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »