Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storm vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2007-4816
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote malicious users to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) ...
Baofeng Storm 2.9
Baofeng Storm 2.8
1 EDB exploit
641
VMScore
CVE-2002-0479
Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.
Gravity Storm Software Service Pack Manager 2000 6.0
Gravity Storm Software Service Pack Manager 2000 6.3
Gravity Storm Software Service Pack Manager 2000 6.1
670
VMScore
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x before 2.2.1 and Apache Storm 1.x before 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
Apache Storm
828
VMScore
CVE-2007-4943
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and previous versions allow remote malicious users to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE:...
Baofeng Storm
668
VMScore
CVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. ...
Apache Storm
1 Github repository
668
VMScore
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
Apache Storm
517
VMScore
CVE-2018-8008
Apache Storm version 1.0.6 and previous versions, 1.2.1 and previous versions, and version 1.1.2 and previous versions expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cp...
Apache Storm
NA
CVE-2023-43123
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The ...
Apache Storm
578
VMScore
CVE-2018-1331
In Apache Storm 0.10.0 up to and including 0.10.2, 1.0.0 up to and including 1.0.6, 1.1.0 up to and including 1.1.2, and 1.2.0 up to and including 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Apache Storm
356
VMScore
CVE-2018-1332
Apache Storm version 1.0.6 and previous versions, 1.2.1 and previous versions, and version 1.1.2 and previous versions expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
Apache Storm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »