Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kostya kortchinsky vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-0971
The DER parser in Suricata prior to 2.0.8 allows remote malicious users to cause a denial of service (crash) via vectors related to SSL/TLS certificates.
Debian Debian Linux 8.0
Openinfosecfoundation Suricata
NA
CVE-2015-4145
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not validate a fragment is already being processed, which allows remote malicious users to cause a denial of service (memory leak) via a crafted message.
W1.fi Hostapd 2.2
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 1.1
W1.fi Hostapd 1.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 2.4
NA
CVE-2015-4143
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 2.4
W1.fi Hostapd 1.0
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 2.2
W1.fi Hostapd 1.1
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
NA
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote malicious users to cause a denial of service (crash) via a crafted message.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
W1.fi Hostapd 2.2
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 1.1
W1.fi Hostapd 1.0
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 2.4
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 1.0
NA
CVE-2015-4141
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 up to and including 2.4 allows remote malicious users to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or h...
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 0.7.3
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 0.7.1
W1.fi Wpa Supplicant 0.7.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 2.4
W1.fi Wpa Supplicant 0.7.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Hostapd 0.7.2
W1.fi Hostapd 0.7.3
W1.fi Hostapd 2.4
W1.fi Hostapd 0.7.0
W1.fi Hostapd 0.7.1
W1.fi Hostapd 2.2
W1.fi Hostapd 2.3
W1.fi Hostapd 2.0
W1.fi Hostapd 2.1
W1.fi Hostapd 1.0
W1.fi Hostapd 1.1
NA
CVE-2015-4146
The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 up to and including 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote malicious users to cause a denial of service (crash) via a crafted...
W1.fi Wpa Supplicant 2.0
W1.fi Wpa Supplicant 2.1
W1.fi Wpa Supplicant 2.2
W1.fi Wpa Supplicant 2.3
W1.fi Wpa Supplicant 1.1
W1.fi Wpa Supplicant 1.0
W1.fi Wpa Supplicant 2.4
W1.fi Hostapd 2.1
W1.fi Hostapd 2.2
W1.fi Hostapd 1.1
W1.fi Hostapd 1.0
W1.fi Hostapd 2.0
W1.fi Hostapd 2.3
W1.fi Hostapd 2.4
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
NA
CVE-2015-4211
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
Cisco Anyconnect Secure Mobility Client 3.1\\(60\\)
NA
CVE-2003-1177
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
Atrium Software Mercur Mailserver 4.1 Sp1
Atrium Software Mercur Mailserver 4.2
Atrium Software Mercur Mailserver 4.2 Sp1
Atrium Software Mercur Mailserver 4.2 Sp2
Atrium Software Mercur Mailserver 3.3
Atrium Software Mercur Mailserver 3.3 Sp1
Atrium Software Mercur Mailserver 3.3 Sp2
Atrium Software Mercur Mailserver 4.1
1 EDB exploit
8.8
CVSSv3
CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can...
Apache Spark
18 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started