Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jfrog vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4142
An Improper input validation vulnerability that could potentially lead to privilege escalation exists in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms...
NA
CVE-2023-42661
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.
NA
CVE-2023-42662
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integrat...
10
CVSSv2
CVE-2022-23221
H2 Console prior to 2.1.210 allows remote malicious users to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
H2database H2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Communications Cloud Native Core Console 1.9.0
5 Github repositories
10
CVSSv2
CVE-2021-42392
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited thr...
H2database H2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Communications Cloud Native Core Policy 1.15.0
8 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4