Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tenable vulnerabilities and exploits
(subscribe to this query)
7.9
CVSSv2
CVE-2017-5661
In Apache FOP prior to 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the use...
Apache Formatting Objects Processor
7.8
CVSSv2
CVE-2018-20843
In libexpat in Expat prior to 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Libexpat Project Libexpat
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
Oracle Http Server 12.1.3.0
Oracle Outside In Technology 8.5.4
Oracle Outside In Technology 8.5.5
Oracle Http Server 12.2.1.4.0
Oracle Hospitality Res 3700
Tenable Nessus
7.8
CVSSv2
CVE-2017-11142
In PHP prior to 5.6.31, 7.x prior to 7.0.17, and 7.1.x prior to 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
Php Php 7.0.0
Php Php 7.0.1
Php Php 7.0.8
Php Php 7.0.9
Php Php 7.1.0
Php Php 7.1.1
Php Php 7.0.4
Php Php 7.0.5
Php Php 7.0.12
Php Php 7.0.13
Php Php
Php Php 7.0.6
Php Php 7.0.7
Php Php 7.0.14
Php Php 7.0.15
Php Php 7.0.16
Php Php 7.0.2
Php Php 7.0.3
Php Php 7.0.10
Php Php 7.0.11
Php Php 7.1.2
7.8
CVSSv2
CVE-2016-4055
The duration function in the moment package prior to 2.11.2 for Node.js allows remote malicious users to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
Momentjs Moment
Tenable Nessus
Oracle Primavera Unifier
2 Github repositories
7.8
CVSSv2
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix ...
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Libexpat Project Libexpat
Google Android 5.0.2
Google Android 6.0.1
Google Android 6.0
Google Android 4.4.4
Google Android 5.1.1
7.8
CVSSv2
CVE-2016-0798
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 prior to 1.0.1s and 1.0.2 prior to 1.0.2g allows remote malicious users to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c ...
Openssl Openssl 1.0.1m
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.1
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.1r
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.1p
Openssl Openssl 1.0.1k
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1n
Openssl Openssl 1.0.1q
Openssl Openssl 1.0.1e
Openssl Openssl 1.0.1l
Openssl Openssl 1.0.1f
7.7
CVSSv2
CVE-2012-2986
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for...
Hp San\\/iq 9.5
2 EDB exploits
7.5
CVSSv2
CVE-2022-23943
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an malicious user to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
7.5
CVSSv2
CVE-2022-23852
Expat (aka libexpat) prior to 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Libexpat Project Libexpat
Netapp Oncommand Workflow Automation -
Netapp Clustered Data Ontap -
Tenable Nessus
Debian Debian Linux 9.0
Oracle Communications Metasolv Solution 6.3.1
Siemens Sinema Remote Connect Server
7.5
CVSSv2
CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) prior to 2.4.3 has an integer overflow.
Libexpat Project Libexpat
Tenable Nessus
Siemens Sinema Remote Connect Server
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »