Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

analytics tracker project analytics tracker vulnerabilities and exploits

(subscribe to this query)
6.1
CVSSv3
CVE-2017-18554
The analytics-tracker plugin prior to 1.1.1 for WordPress has XSS via a search event.
Analytics Tracker Project Analytics Tracker
9.8
CVSSv3
CVE-2018-19360
FasterXML jackson-databind 2.x prior to 2.9.8 might allow malicious users to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera UnifierRedhat Openshift Container Platform 3.11Redhat Jboss Bpm Suite 6.4.11Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
9.8
CVSSv3
CVE-2018-19361
FasterXML jackson-databind 2.x prior to 2.9.8 might allow malicious users to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Debian Debian Linux 9.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera UnifierRedhat Openshift Container Platform 3.11Redhat Jboss Bpm Suite 6.4.11Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
9.8
CVSSv3
CVE-2018-19362
FasterXML jackson-databind 2.x prior to 2.9.8 might allow malicious users to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera UnifierRedhat Openshift Container Platform 3.11Redhat Jboss Bpm Suite 6.4.11Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0Nghttp2 Nghttp2Netty NettyEnvoyproxy Envoy 1.27.0Envoyproxy Envoy 1.26.4Envoyproxy Envoy 1.25.9Envoyproxy Envoy 1.24.10Eclipse JettyCaddyserver CaddyGolang Http2Golang GoGolang NetworkingF5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall Manager
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0Apache Log4jSiemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85Siemens Sipass Integrated 2.80Siemens Head-end System Universal Device Integration SystemSiemens Gma-managerSiemens Energyip 8.5Siemens Energyip 8.6Siemens Energyip 8.7Siemens Energyip 9.0Siemens Energy Engage 3.1Siemens E-car Operation Center
5.5
CVSSv3
CVE-2019-6454
An issue exists in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafte...
Systemd Project Systemd 239Opensuse Leap 15.0Netapp Active Iq Performance Analytics Services -Debian Debian Linux 8.0Debian Debian Linux 9.0Fedoraproject Fedora 29Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Server Tus 7.3Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Tus 7.4Redhat Enterprise Linux Eus 7.4Redhat Enterprise Linux Eus 7.5Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Eus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux 8.0
9
CVSSv3
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -F5 F5osOracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Http Server 12.2.1.4.0Oracle Enterprise Manager Ops Center 12.4.0.0Oracle Zfs Storage Appliance Kit 8.8Oracle Secure Global Desktop 5.6Siemens Sinema Server 14.0Siemens Sinec Nms
7.5
CVSSv3
CVE-2020-36518
jackson-databind prior to 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Fasterxml Jackson-databindOracle Weblogic Server 12.2.1.3.0Oracle Commerce Platform 11.3.1Oracle Utilities Framework 4.3.0.5.0Oracle Utilities Framework 4.3.0.6.0Oracle Utilities Framework 4.4.0.0.0Oracle Weblogic Server 12.2.1.4.0Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Primavera Unifier 19.12Oracle Sd-wan Edge 9.0Oracle Weblogic Server 14.1.1.0.0Oracle Coherence 14.1.1.0.0Oracle Utilities Framework 4.4.0.2.0Oracle Global Lifecycle Management Nextgen Oui Framework 13.9.4.2.2Oracle Primavera Unifier 20.12Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Primavera GatewayOracle Utilities Framework 4.4.0.3.0Oracle Sd-wan Edge 9.1Oracle Commerce Platform 11.3.0Oracle Commerce Platform 11.3.2Oracle Primavera Unifier 21.12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook