Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
links vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-34960
The container package in MikroTik RouterOS 7.4beta4 allows an malicious user to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the malicious user to mount any arbitrary file to any location on the host.
Mikrotik Routeros 7.4
9.8
CVSSv3
CVE-2022-32207
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the t...
Haxx Curl
Fedoraproject Fedora 35
Debian Debian Linux 11.0
Netapp Element Software -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Bootstrap Os -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
9.8
CVSSv3
CVE-2022-26612
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry ma...
Apache Hadoop
Apache Hadoop 3.3.1
Apache Hadoop 3.3.2
9.8
CVSSv3
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where...
Zulip Zulip Server
9.8
CVSSv3
CVE-2021-33913
libspf2 prior to 1.2.11 has a heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The a...
Libspf2 Project Libspf2
9.8
CVSSv3
CVE-2021-33912
libspf2 prior to 1.2.11 has a four-byte heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_reco...
Libspf2 Project Libspf2
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-21691
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-34727
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote malicious user to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An a...
Cisco Ios Xe Sd-wan -
9.8
CVSSv3
CVE-2021-32691
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions before 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app ...
Apollosapp Data-connector-rock
9.8
CVSSv3
CVE-2021-1451
A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote malicious user to execute arbitrary code on the underlying Linux op...
Cisco Ios Xe 3.6.0be
Cisco Ios Xe 3.6.0e
Cisco Ios Xe 3.6.1e
Cisco Ios Xe 3.6.2e
Cisco Ios Xe 3.6.3e
Cisco Ios Xe 3.6.4e
Cisco Ios Xe 3.6.5ae
Cisco Ios Xe 3.6.5be
Cisco Ios Xe 3.6.5e
Cisco Ios Xe 3.6.6e
Cisco Ios Xe 3.6.7e
Cisco Ios Xe 3.6.8e
Cisco Ios Xe 3.6.9e
Cisco Ios Xe 3.6.10e
Cisco Ios Xe 3.7.0e
Cisco Ios Xe 3.7.1e
Cisco Ios Xe 3.7.2e
Cisco Ios Xe 3.7.3e
Cisco Ios Xe 3.7.4e
Cisco Ios Xe 3.7.5e
Cisco Ios Xe 3.8.0e
Cisco Ios Xe 3.8.1e
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »