Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api gateway vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-44716
net/http in Go prior to 1.16.12 and 1.17.x prior to 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Golang Go
Debian Debian Linux 9.0
Netapp Cloud Insights Telegraf -
7.5
CVSSv3
CVE-2021-22955
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an malicious user to cause a temporary disruption of the Management GUI, Nitro API, and RPC co...
Citrix Application Delivery Controller Firmware
Citrix Gateway
7.5
CVSSv3
CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RP...
Citrix Application Delivery Controller Firmware
Citrix Gateway
Citrix Sd-wan
7.5
CVSSv3
CVE-2021-41771
ImportedSymbols in debug/macho (for Open or OpenFat) in Go prior to 1.16.10 and 1.17.x prior to 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2021-41772
Go prior to 1.16.10 and 1.17.x prior to 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Timesten In-memory Database -
7.5
CVSSv3
CVE-2020-21990
Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sen...
Domoticz Mydomoathome 0.240
7.5
CVSSv3
CVE-2020-35137
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be us...
Mobileiron Mobile\\@work
7.5
CVSSv3
CVE-2019-14852
A flaw was found in 3scale’s APIcast gateway that enabled the TLS 1.0 protocol. An attacker could target traffic using this weaker protocol and break its encryption, gaining access to unauthorized information. Version shipped in Red Hat 3scale API Management Platform is vul...
Redhat 3scale Api Management 2.0
7.5
CVSSv3
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Fasterxml Jackson-databind
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Fedoraproject Fedora 32
Quarkus Quarkus
Apache Iotdb
Oracle Webcenter Portal 12.2.1.3.0
Oracle Banking Platform 2.6.2
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Agile Plm 9.3.6
Oracle Coherence 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Sd-wan Edge 9.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Communications Services Gatekeeper 7.0
Oracle Banking Platform 2.7.0
1 Github repository
1 Article
7.5
CVSSv3
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET reques...
Apache Batik
Oracle Api Gateway 11.1.2.4.0
Oracle Hyperion Financial Reporting 11.1.2.4
Oracle Enterprise Repository 11.1.1.7.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Point-of-service 14.1
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Fusion Middleware Mapviewer 12.2.1.4.0
Oracle Instantis Enterprisetrack
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Retail Integration Bus 15.0.3
Oracle Communications Application Session Controller 3.9m0p2
Oracle Hospitality Opera 5 5.5
Oracle Hospitality Opera 5 5.6
Oracle Business Intelligence 5.9.0.0.0
Oracle Retail Order Management System Cloud Service 19.5
Oracle Jd Edwards Enterpriseone Tools
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »