Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discovery vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2013-3018
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 up to and including 7.2.1.4 allows remote malicious users to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM...
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
8.1
CVSSv3
CVE-2013-3023
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 up to and including 7.2.1.4 might allow remote malicious users to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
5.3
CVSSv3
CVE-2024-23688
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
Consensys Discovery
9.8
CVSSv3
CVE-2018-11746
In Puppet Discovery before 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Puppet Discovery
9.8
CVSSv3
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java clas...
Nepxion Discovery
7.5
CVSSv3
CVE-2022-23464
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Info...
Nepxion Discovery
9.8
CVSSv3
CVE-2018-11747
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Puppet Discovery
8.8
CVSSv3
CVE-2018-1455
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.
Ibm Tivoli Application Dependency Discovery Manager 7.3.0
Ibm Tivoli Application Dependency Discovery Manager 7.2.2
NA
CVE-2003-1603
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
Gehealthcare Discovery Vh -
5.3
CVSSv3
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality o...
Westerndigital Wd Discovery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »