Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api connect vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-23301
The `news` MonkeyC operation code in CIQ API version 1.0.0 up to and including 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose len...
Garmin Connect-iq
8.8
CVSSv3
CVE-2023-25267
An issue exists in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.
Gfi Kerio Connect 9.4.1
8.8
CVSSv3
CVE-2023-25194
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been ...
Apache Kafka Connect
6 Github repositories
6.5
CVSSv3
CVE-2022-25313
In Expat (aka libexpat) prior to 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
1 Github repository
7.5
CVSSv3
CVE-2022-25314
In Expat (aka libexpat) prior to 2.4.5, there is an integer overflow in copyString.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
NA
CVE-2011-1146
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote malicious users to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceRese...
Redhat Libvirt 0.8.8
NA
CVE-2024-29208
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and previous versions) UniFi Connect EV Station Pro (Version ...
5.5
CVSSv3
CVE-2021-29906
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
Ibm App Connect Enterprise Certified Container 1.0.0
Ibm App Connect Enterprise Certified Container 1.1.0
Ibm App Connect Enterprise Certified Container 1.2.0
Ibm App Connect Enterprise Certified Container 1.3.0
Ibm App Connect Enterprise Certified Container 1.4.0
Ibm App Connect Enterprise Certified Container 1.5.0
5.3
CVSSv3
CVE-2023-22943
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.
Splunk Cloudconnect Software Development Kit
Splunk Add-on Builder
NA
CVE-2010-3561
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Oc...
Sun Jre 1.6.0
Sun Jre
Sun Jdk 1.6.0
Sun Jdk
Sun Jdk 1.5.0
Sun Jre 1.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »