Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
java web console vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-1947
In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted dat...
Apache Shardingsphere 4.0.0
4 Github repositories
5.8
CVSSv2
CVE-2010-3544
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote malicious users to affect integrity and availability via unknown vectors related to Administration. NOTE: the previous information was ...
Oracle Sun Products Suite 7.0
5
CVSSv2
CVE-2012-3315
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) up to and including 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) prior to 6.2.2 do not require authentication for all resource downloads, which allows remote malic...
Ibm Tivoli Federated Identity Manager
Ibm Tivoli Federated Identity Manager 6.2.0.9
Ibm Tivoli Federated Identity Manager 6.2.0.2
Ibm Tivoli Federated Identity Manager 6.2.0.8
Ibm Tivoli Federated Identity Manager 6.2.0.3
Ibm Tivoli Federated Identity Manager 6.2.1
Ibm Tivoli Federated Identity Manager 6.1.1
Ibm Tivoli Federated Identity Manager 6.2.0
Ibm Tivoli Federated Identity Manager 6.2.0.1
Ibm Tivoli Federated Identity Manager Business Gateway 6.1.1
Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.1
Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0
Ibm Tivoli Federated Identity Manager Business Gateway
Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.8
Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.3
Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.2
4.6
CVSSv2
CVE-2017-10062
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris execut...
Oracle Solaris 10
10
CVSSv2
CVE-2021-42392
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited thr...
H2database H2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Communications Cloud Native Core Policy 1.15.0
8 Github repositories
NA
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenti...
Igniterealtime Openfire
13 Github repositories
3 Articles
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
4.3
CVSSv2
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted strin...
Apache Log4j
Netapp Cloud Manager -
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Sonicwall Network Security Manager
Sonicwall Email Security
Sonicwall Web Application Firewall
Sonicwall 6bk1602-0aa12-0tp0 Firmware
Sonicwall 6bk1602-0aa22-0tp0 Firmware
Sonicwall 6bk1602-0aa32-0tp0 Firmware
Sonicwall 6bk1602-0aa42-0tp0 Firmware
Sonicwall 6bk1602-0aa52-0tp0 Firmware
Oracle E-business Suite 12.2
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 14.1.3
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
74 Github repositories
5 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4