Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sahil dhar vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
Gnome Gdkpixbuf 2.42.6
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 11.0
NA
CVE-2021-46829
GNOME GdkPixbuf (aka GDK-PixBuf) prior to 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit...
Gnome Gdk-pixbuf
Fedoraproject Fedora 35
Debian Debian Linux 11.0
578
VMScore
CVE-2019-19034
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an malicious user to execute arbitrary commands on the AssetExplorer Server with N...
Zohocorp Manageengine Assetexplorer 6.5
578
VMScore
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus before 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated malicious user to execute code in the context of the product by writing a JS...
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
890
VMScore
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus before 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an malicious user to bypass authentication for this server and execute all operations in the context of admin user.
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
436
VMScore
CVE-2020-8838
An issue exists in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by provi...
Zohocorp Manageengine Assetexplorer 6.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started