Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ovirt ovirt-engine vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-31051
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `...
Semantic-release Project Semantic-release
7.5
CVSSv3
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t...
Apache Log4j 1.2
Fedoraproject Fedora 35
Redhat Jboss Operations Network 3.0
Redhat Jboss A-mq 6.0.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse Service Works 6.0
Redhat Jboss Web Server 3.0
Redhat Jboss Data Virtualization 6.0.0
Redhat Enterprise Linux 8.0
Redhat Single Sign-on 7.0
Redhat Software Collections -
Redhat Jboss Fuse 7.0.0
Redhat Process Automation 7.0
Redhat Jboss Data Grid 7.0.0
Redhat Openshift Application Runtimes -
Redhat Codeready Studio 12.0
Redhat Integration Camel K -
Redhat Openshift Container Platform 4.6
21 Github repositories
7.5
CVSSv3
CVE-2021-3807
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Ansi-regex Project Ansi-regex 6.0.0
Ansi-regex Project Ansi-regex
Ansi-regex Project Ansi-regex 5.0.0
Ansi-regex Project Ansi-regex 3.0.0
Oracle Communications Cloud Native Core Policy 1.15.0
1 Github repository
7.5
CVSSv3
CVE-2021-36090
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip pack...
Apache Commons Compress
Oracle Webcenter Portal 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Banking Platform 2.6.2
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Communications Unified Inventory Management 7.4.0
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.9.0
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
7.5
CVSSv3
CVE-2021-35515
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Apache Commons Compress
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Flexcube Universal Banking 12.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Banking Digital Experience 20.1
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.0.2
Oracle Financial Services Enterprise Case Management 8.0.8.1.0
Oracle Financial Services Enterprise Case Management 8.0.7.2.0
7.5
CVSSv3
CVE-2021-35516
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz pa...
Apache Commons Compress
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Flexcube Universal Banking 12.4.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Insurance Policy Administration 11.3.0
7.5
CVSSv3
CVE-2021-35517
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar pack...
Apache Commons Compress
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.0.2
7.5
CVSSv3
CVE-2021-33623
The trim-newlines package prior to 3.0.1 and 4.x prior to 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Trim-newlines Project Trim-newlines
Netapp E-series Performance Analyzer -
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-33502
The normalize-url package prior to 4.5.1, 5.x prior to 5.3.1, and 6.x prior to 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Normalize-url Project Normalize-url
Normalize-url Project Normalize-url 6.0.0
7.5
CVSSv3
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Fasterxml Jackson-databind
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Fedoraproject Fedora 32
Quarkus Quarkus
Apache Iotdb
Oracle Webcenter Portal 12.2.1.3.0
Oracle Banking Platform 2.6.2
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Agile Plm 9.3.6
Oracle Coherence 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Sd-wan Edge 9.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Communications Services Gatekeeper 7.0
Oracle Banking Platform 2.7.0
1 Github repository
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »