Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commons vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2007-4364
Fedora Commons prior to 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote malicious users to trigger a certain &...
Fedoraproject Commons
NA
CVE-2023-24998
Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Apache Commons Fileupload
Apache Commons Fileupload 1.0
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2017-12621
During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lea...
Apache Commons Jelly
2 Github repositories
NA
CVE-2024-26308
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 prior to 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
Apache Commons Compress
5
CVSSv2
CVE-2012-2098
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress prior to 1.4.1 allows remote malicious users to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Apache Commons Compress
2 Github repositories
6.5
CVSSv2
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and previous versions does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job'...
Jenkins Docker Commons
NA
CVE-2022-40159
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google ...
Apache Commons Jxpath
NA
CVE-2022-40160
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google ...
Apache Commons Jxpath
5
CVSSv2
CVE-2018-1294
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should up...
Apache Commons Email
4
CVSSv2
CVE-2019-1003074
Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Hyper.sh Commons -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »