Linux Distros Unpatched Vulnerability : CVE-2017-14098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the pjsip channel driver respjsip in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could...

PT-2025-32107 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 13 through 16 Description: Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 allows local attackers to use privileged APIs. Recommendations: Update to SMR Aug-2025 Release 1 or later...

Umbraco CMS disclosure of configured password requirements

Impact Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user's password...

CVE-2025-20967

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery...

VMware Fusion Security Vulnerability

VMware Fusion is a suite of virtual machine software from VMware, Inc. designed to run Windows applications on Macs. A security vulnerability exists in VMware Fusion versions 13.x through 13.5 and earlier, which stems from a local elevation of privilege vulnerability...

SUSE CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVE-2022-20484

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

GitLab 13.1.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 DoS Vulnerability

GitLab is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

PT-2021-22750 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 and later Description: A privileged user can change the visibility level of a group or a project to a restricted option through an API call, even after the instance administrator sets that visibility option as...

PT-2020-16952 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 13.x through 13.37.0 Asterisk Open Source versions 16.x through 16.14.0 Asterisk Open Source versions 17.x through 17.8.0 Asterisk Open Source versions 18.x through 18.0.0 Certified Asterisk versions prior to...

app.pickmaven:businessdays (>=1.0.0 <=1.0.1), br.com.martinlabs:martinlabs-commons (=3.4) +834 more potentially affected by CVE-2018-10237 via com.google.guava:guava-jdk5 (>=13.0 <=17.0)

com.google.guava:guava-jdk5 MAVEN version =13.0, =1.0.0, =0.1, =0.1, =4.0.2, =1.0, =1.0, =1.0.16, =1.0.16, =2.4.1 and more Source cves: CVE-2018-10237 Source advisory: OSV:GHSA-MVR2-9PJ6-7W5J...

UBUNTU-CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...

OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2019-6626

On BIG-IP AFM, Analytics, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the Configuration utility...

CVE-2018-15314

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page...

Sql injection

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...

CVE-2016-9490 ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also...

CVE-2018-5515

On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event...