Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache test vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when allowLinking and UTF-8 are enabled, allows remote malicious users to read arbitrary files via encoded directory traver...
Apache Tomcat
2 EDB exploits
2 Metasploit modules
1 Github repository
6.5
CVSSv2
CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability exists in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (d...
Apache Airflow
1 Metasploit module
4 Github repositories
7.5
CVSSv2
CVE-2020-13927
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
Apache Airflow
1 Metasploit module
1 Github repository
NA
CVE-2023-45802
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection bu...
Apache Http Server
Fedoraproject Fedora 38
2 Github repositories
1.9
CVSSv2
CVE-2020-15250
In JUnit4 from version 4.7 and prior to 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories...
Junit Junit4
Debian Debian Linux 9.0
Apache Pluto
Oracle Communications Cloud Native Core Policy 1.14.0
6 Github repositories
7.5
CVSSv2
CVE-2021-42013
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by t...
Apache Http Server 2.4.49
Apache Http Server 2.4.50
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Jd Edwards Enterpriseone Tools
Oracle Secure Backup
Netapp Cloud Backup -
2 Metasploit modules
74 Github repositories
1 Article
4.3
CVSSv2
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usu...
Apache Http Server 2.4.49
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Netapp Cloud Backup -
2 Metasploit modules
155 Github repositories
3 Articles
4.3
CVSSv2
CVE-2021-36373
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant before 1.9.16 and 1.10.11 were aff...
Apache Ant
Oracle Retail Store Inventory Management 14.1
Oracle Enterprise Repository 11.1.1.7.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Retail Point-of-service 14.0
Oracle Retail Predictive Application Server 15.0.3
Oracle Primavera Unifier
Oracle Utilities Framework 4.4.0.0.0
Oracle Agile Plm 9.3.6
Oracle Communications Unified Inventory Management 7.4.0
Oracle Retail Store Inventory Management 16.0
Oracle Primavera Unifier 19.12
Oracle Utilities Framework
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Unified Inventory Management 7.3.0
4.3
CVSSv2
CVE-2015-3216
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote malicious users to cause a denial of service (app...
Redhat Enterprise Linux 7.0
Openssl Openssl 1.0.1e-25.el7
5
CVSSv2
CVE-2021-35515
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Apache Commons Compress
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Flexcube Universal Banking 12.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Banking Digital Experience 20.1
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.0.2
Oracle Financial Services Enterprise Case Management 8.0.8.1.0
Oracle Financial Services Enterprise Case Management 8.0.7.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »