Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
traffic server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-31992
Mealie is a self hosted recipe manager and meal planner. before 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeou...
NA
CVE-2024-29960
In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are hardcoded and identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt ...
NA
CVE-2024-3387
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an malicious user to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient comput...
NA
CVE-2024-31309
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 up to and including 8.1.9, from 9.0.0 up to and including 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_min...
1 Article
NA
CVE-2024-30255
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions before 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimite...
1 Article
NA
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic betwe...
NA
CVE-2024-28756
The SolarEdge mySolarEdge application prior to 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) malicious user to read and alter all network traffic between the application and the server.
NA
CVE-2024-27922
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions before 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The...
NA
CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also wri...
NA
CVE-2024-21849
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not e...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »