Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2650
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
NA
CVE-2023-28321
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather t...
Haxx Curl
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Clustered Data Ontap -
Netapp Ontap Antivirus Connector -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
1 Github repository
NA
CVE-2023-29469
An issue exists in libxml2 prior to 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an...
Xmlsoft Libxml2
Debian Debian Linux 10.0
1 Github repository
NA
CVE-2023-28484
In libxml2 prior to 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2
Debian Debian Linux 10.0
NA
CVE-2023-26048
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a...
Eclipse Jetty
1 Github repository
NA
CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an malicious user to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that...
Eclipse Jetty
Eclipse Jetty 12.0.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Unified Manager -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
NA
CVE-2023-0465
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skippe...
Openssl Openssl
NA
CVE-2023-0466
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to p...
Openssl Openssl
1 Github repository
NA
CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers e...
Openssl Openssl
2 Github repositories
NA
CVE-2023-1436
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
Jettison Project Jettison
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »