Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
make vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3923
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote malicious users to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
Hans Oesterholt Cmme 1.12
1 EDB exploit
8.8
CVSSv3
CVE-2017-9948
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 prior to 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
Microsoft Skype 7.36
Microsoft Skype 7.35
Microsoft Skype 7.2
1 Article
9.8
CVSSv3
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vu...
Apache Rocketmq
14 Github repositories
1 Article
9.8
CVSSv3
CVE-2019-6177
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that cus...
Lenovo Solution Center 03.12.003
1 Article
7.8
CVSSv3
CVE-2022-31660
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware One Access 21.08.0.0
Vmware One Access 21.08.0.1
Vmware Access Connector 21.08.0.0
Vmware Access Connector 21.08.0.1
Vmware Access Connector 22.05
Vmware Identity Manager Connector 3.3.4
Vmware Identity Manager Connector 3.3.5
Vmware Identity Manager Connector 3.3.6
Vmware Identity Manager Connector 19.03.0.1
1 Article
9.8
CVSSv3
CVE-2021-20045
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated malicious user to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliance...
Sonicwall Sma 200 Firmware 10.2.0.8-37sv
Sonicwall Sma 200 Firmware 10.2.1.1-19sv
Sonicwall Sma 210 Firmware 10.2.0.8-37sv
Sonicwall Sma 210 Firmware 10.2.1.1-19sv
Sonicwall Sma 410 Firmware 10.2.0.8-37sv
Sonicwall Sma 410 Firmware 10.2.1.1-19sv
Sonicwall Sma 400 Firmware 10.2.0.8-37sv
Sonicwall Sma 400 Firmware 10.2.1.1-19sv
Sonicwall Sma 500v Firmware 10.2.0.8-37sv
Sonicwall Sma 500v Firmware 10.2.1.1-19sv
1 Article
8.8
CVSSv3
CVE-2021-20043
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated malicious user to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Sonicwall Sma 200 Firmware 10.2.0.8-37sv
Sonicwall Sma 200 Firmware 10.2.1.1-19sv
Sonicwall Sma 210 Firmware 10.2.0.8-37sv
Sonicwall Sma 210 Firmware 10.2.1.1-19sv
Sonicwall Sma 410 Firmware 10.2.0.8-37sv
Sonicwall Sma 410 Firmware 10.2.1.1-19sv
Sonicwall Sma 400 Firmware 10.2.0.8-37sv
Sonicwall Sma 400 Firmware 10.2.1.1-19sv
Sonicwall Sma 500v Firmware 10.2.0.8-37sv
Sonicwall Sma 500v Firmware 10.2.1.1-19sv
1 Article
8.8
CVSSv3
CVE-2021-20044
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated malicious user to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
Sonicwall Sma 200 Firmware 10.2.0.8-37sv
Sonicwall Sma 200 Firmware 10.2.1.1-19sv
Sonicwall Sma 210 Firmware 10.2.0.8-37sv
Sonicwall Sma 210 Firmware 10.2.1.1-19sv
Sonicwall Sma 410 Firmware 10.2.0.8-37sv
Sonicwall Sma 410 Firmware 10.2.1.1-19sv
Sonicwall Sma 400 Firmware 10.2.0.8-37sv
Sonicwall Sma 400 Firmware 10.2.1.1-19sv
Sonicwall Sma 500v Firmware 10.2.0.8-37sv
Sonicwall Sma 500v Firmware 10.2.1.1-19sv
1 Article
9.8
CVSSv3
CVE-2020-12828
An issue exists in AnchorFree VPN SDK prior to 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file...
Pango Virtual Private Network Software Development Kit
1 Github repository
1 Article
9.8
CVSSv3
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation 7.6
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
Vmware Cloud Foundation 3.0
Vmware Cloud Foundation 3.0.1
Vmware Cloud Foundation 3.0.1.1
Vmware Cloud Foundation 3.5
Vmware Cloud Foundation 3.5.1
Vmware Cloud Foundation 3.7
Vmware Cloud Foundation 3.7.1
6 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »