Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karaf vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2014-0120
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote malicious users to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
7.5
CVSSv3
CVE-2017-1000406
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Opendaylight Karaf 0.6.1-carbon
5.5
CVSSv3
CVE-2014-0219
Apache Karaf prior to 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
Apache Karaf
9.8
CVSSv3
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
6.6
CVSSv3
CVE-2016-3129
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote malicious users to obtain local administrator rights on the GEMS server via command...
Blackberry Good Enterprise Mobility Server
NA
CVE-2014-7733
The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Magzter Karaf Magazin 3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2