Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fuse fuse 2.6.0 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely r...
Eclipse Jetty 12.0.0
Eclipse Jetty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
5.3
CVSSv3
CVE-2023-33201
Bouncy Castle For Java prior to 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the cert...
Bouncycastle Bc-java
7.5
CVSSv3
CVE-2023-20883
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Vmware Spring Boot
2 Github repositories
7.5
CVSSv3
CVE-2023-22602
When using Apache Shiro prior to 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot <...
Apache Shiro
Vmware Spring Boot 2.6.0
8.2
CVSSv3
CVE-2022-1012
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an malicious user to information leak and may cause a denial of service problem.
Linux Linux Kernel 5.18
Linux Linux Kernel
7.5
CVSSv3
CVE-2022-31129
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried ...
Momentjs Moment
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel up to and including 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Linux Linux Kernel
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
4 Github repositories
9.3
CVSSv3
CVE-2022-1650
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
Eventsource Eventsource
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch mom...
Momentjs Moment
Tenable Tenable.sc
Netapp Active Iq -
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
5.9
CVSSv3
CVE-2021-38153
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnera...
Apache Kafka
Apache Kafka 2.8.0
Quarkus Quarkus
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Financial Services Enterprise Case Management 8.0.8.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.0.7.1
Oracle Financial Services Enterprise Case Management 8.0.8.0
Oracle Financial Services Behavior Detection Platform
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Enterprise Case Management 8.0.7.2
Oracle Financial Services Analytical Applications Infrastructure
Oracle Communications Brm - Elastic Charging Engine 12.0.0.5.0
Oracle Communications Brm - Elastic Charging Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »