VulnerabilityAlerts | Vulnerability Monitoring Tool

Get notification on new detected CVE. Vulnerability monitoring in easy way

Monitoring new CVE for your stack in your software or environment never easier. No need to setup cronjob to check latest CVE, we do it for you. Get notified in hour unit for new CVE using email or webhook. VulnerabilityAlerts will help you to be always updated for new CVE of your software/library catalogue.

436 CVE notifications sent


Multiple Notification Channels
We support telegram notification, email, and webhook
Hourly Notification
We do CVE check on hourly level. Make sure you are not delayed getting info of CVE

CVE-2024-21401 | entra jira sso plugin

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

CVE-2024-21413 | office

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2021-29093 | arcgis server

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

CVE-2021-29094 | arcgis server

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

CVE-2021-29095 | arcgis server

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

CVE-2022-3479 | network security services

A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.

CVE-2020-11935 | ubuntu linux

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

CVE-2023-25584 | binutils

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

CVE-2024-21384 | 365 apps

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2024-21389 | dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21393 | dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21394 | dynamics 365

Dynamics 365 Field Service Spoofing Vulnerability

CVE-2024-21395 | dynamics 365

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21396 | dynamics 365

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21397 | azure file sync

Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE-2021-32040 | mongodb

It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.

CVE-2023-2617 | opencv

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.

CVE-2023-2618 | opencv

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.

CVE-2021-34193 | opensc

Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.

CVE-2024-21381 | azure active directory

Microsoft Azure Active Directory B2C Spoofing Vulnerability

CVE-2023-45868 | ilias

The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.

CVE-2023-38997 | opnsense

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.

CVE-2023-43115 | ghostscript

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

CVE-2024-21371 | windows server 2012

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21372 | windows server 2012

Windows OLE Remote Code Execution Vulnerability

CVE-2024-21374 | teams

Microsoft Teams for Android Information Disclosure

CVE-2024-21386 | asp.net core

.NET Denial of Service Vulnerability

CVE-2024-21402 | 365 apps

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2024-21404 | asp.net core

.NET Denial of Service Vulnerability

CVE-2024-21405 | windows server 2012

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-20667 | azure devops server

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2024-20673 | publisher

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-21327 | dynamics 365

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2024-21328 | dynamics 365

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21329 | azure connected machine agent

Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE-2024-21342 | windows 11 22h2

Windows DNS Client Denial of Service Vulnerability

CVE-2023-47537 | fortios

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch.

CVE-2023-47537 | fortios

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch.

CVE-2024-23113 | fortipam

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

CVE-2024-23113 | fortipam

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

CVE-2024-25710 | commons compress

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVE-2024-25710 | commons compress

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVE-2024-26308 | commons compress

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

CVE-2024-26308 | commons compress

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

CVE-2024-1709 | screenconnect

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CVE-2024-1708 | screenconnect

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

CVE-2024-1709 | screenconnect

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CVE-2023-1289 | imagemagick

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

CVE-2023-34151 | imagemagick

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

CVE-2019-10226 | fat free crm

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.

Copyright © 2022 VulnerabilityAlerts

DISCLAIMER:

This site is created by @aryya_id by processing data from National Vulnerability Database (NVD). You are free to use this site for your use case by understanding that there is no guaantee or warranty for data shown in this site. You are understand that content from this website is "as it is" and usage of data or material from this website is solely your reponsibility.