Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
is threat team vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-6922
One of the data structures that holds TCP segments in all versions of FreeBSD before 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number...
Freebsd Freebsd 10.4
Freebsd Freebsd 11.1
Freebsd Freebsd 11.2
6.5
CVSSv3
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x prior to 6.7.6, 7.x prior to 7.3.10, and 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability a...
Grafana Grafana
6.5
CVSSv3
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x prior to 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to g...
Grafana Grafana
9.8
CVSSv3
CVE-2003-0545
Double free vulnerability in OpenSSL 0.9.7 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
Openssl Openssl 0.9.6
Openssl Openssl 0.9.7
NA
CVE-2003-0544
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote malicious users to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used...
Openssl Openssl 0.9.6
Openssl Openssl 0.9.7
NA
CVE-2003-0543
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote malicious users to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
Openssl Openssl 0.9.6
Openssl Openssl 0.9.7
1 EDB exploit
7.3
CVSSv3
CVE-2020-35452
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation ...
Apache Http Server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
7.8
CVSSv3
CVE-2024-22410
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLL...
Gluwa Creditcoin
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
158 Github repositories
NA
CVE-2002-0079
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows malicious users to cause a denial of service or execute arbitrary code.
Microsoft Internet Information Services 5.0
Microsoft Internet Information Server 4.0
4 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »