Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discovery vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-3018
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 up to and including 7.2.1.4 allows remote malicious users to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM...
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
4.3
CVSSv2
CVE-2013-3023
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 up to and including 7.2.1.4 might allow remote malicious users to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
6.8
CVSSv2
CVE-2018-1455
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.
Ibm Tivoli Application Dependency Discovery Manager 7.3.0
Ibm Tivoli Application Dependency Discovery Manager 7.2.2
5
CVSSv2
CVE-2018-11746
In Puppet Discovery before 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Puppet Discovery
NA
CVE-2022-23464
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Info...
Nepxion Discovery
NA
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java clas...
Nepxion Discovery
NA
CVE-2024-23688
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
Consensys Discovery
7.5
CVSSv2
CVE-2018-11747
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Puppet Discovery
NA
CVE-2023-47460
SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote malicious user to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.
Knovos Discovery 22.67.0
1 Github repository
NA
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality o...
Westerndigital Wd Discovery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »