Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api gateway vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-41772
Go prior to 1.16.10 and 1.17.x prior to 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Timesten In-memory Database -
6.8
CVSSv2
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Cloud Backup -
Netapp Storagegrid -
Netapp Clustered Data Ontap -
F5 F5os
Oracle Http Server 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Secure Global Desktop 5.6
Siemens Sinema Server 14.0
Siemens Sinec Nms
13 Github repositories
4.3
CVSSv2
CVE-2021-36371
Emissary-Ingress (formerly Ambassador API Gateway) up to and including 1.13.9 allows malicious users to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does ...
Getambassador Emissary-ingress
5.8
CVSSv2
CVE-2021-32753
EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured for OAuth2 authentication and a ...
Edgexfoundry Edgex Foundry
6.5
CVSSv2
CVE-2021-34824
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.
Istio Istio
1 Github repository
5
CVSSv2
CVE-2020-21990
Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sen...
Domoticz Mydomoathome 0.240
4.3
CVSSv2
CVE-2021-21409
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request ...
Netty Netty
Debian Debian Linux 10.0
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Oracle Coherence 12.2.1.4.0
Oracle Coherence 14.1.1.0.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Primavera Gateway
Oracle Banking Trade Finance Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Trade Finance Process Management 14.2.0
Oracle Communications Messaging Server 8.1
Oracle Communications Brm - Elastic Charging Engine 12.0.0.3
Oracle Communications Design Studio 7.4.2.0.0
Oracle Communications Cloud Native Core Console 1.7.0
Oracle Nosql Database
Oracle Communications Cloud Native Core Policy 1.14.0
4.3
CVSSv2
CVE-2020-35137
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be us...
Mobileiron Mobile\\@work
4.3
CVSSv2
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Cloud Volumes Ontap Mediator -
Netapp E-series Performance Analyzer -
Tenable Tenable.sc
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Tenable Log Correlation Engine
Fedoraproject Fedora 34
5 Github repositories
1 Article
5.8
CVSSv2
CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve paramet...
Openssl Openssl
Freebsd Freebsd 12.2
Netapp Santricity Smi-s Provider Firmware -
Netapp Storagegrid Firmware -
Windriver Linux -
Windriver Linux 18.0
Windriver Linux 19.0
Windriver Linux 17.0
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Ontap Select Deploy Administration Utility -
Netapp Cloud Volumes Ontap Mediator -
Fedoraproject Fedora 34
Tenable Nessus Agent
Tenable Nessus
Tenable Nessus Network Monitor 5.11.1
Tenable Nessus Network Monitor 5.12.0
Tenable Nessus Network Monitor 5.12.1
Tenable Nessus Network Monitor 5.13.0
Tenable Nessus Network Monitor 5.11.0
Oracle Jd Edwards World Security A9.4
Oracle Weblogic Server 12.2.1.4.0
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »