Vulmon
ca vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands.
Broadcom Ca Harvest Software Change Manager 13.0.3
Broadcom Ca Harvest Software Change Manager 13.0.4
Broadcom Ca Harvest Software Change Manager 14.0.0
Broadcom Ca Harvest Software Change Manager 14.0.1
8.8
CVSSv3
CVE-2021-40828
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.3.3), Python (versions before 1.5.18), C++ (versions before 1.12.7) and Node.js (versions before 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Aut...
Amazon Amazon Web Services Aws-c-io
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-40829
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.4.2), Python (versions before 1.6.1), C++ (versions before 1.12.7) and Node.js (versions before 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Auth...
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-37218
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.
Hashicorp Nomad
8.8
CVSSv3
CVE-2021-37219
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
Hashicorp Consul
8.8
CVSSv3
CVE-2021-28249
CA eHealth Performance Manager up to and including 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the ...
Ca Ehealth Performance Manager
8.8
CVSSv3
CVE-2020-11666
CA API Developer Portal 4.3.1 and previous versions contains an access control flaw that allows malicious users to elevate privileges.
Broadcom Ca Api Developer Portal
8.8
CVSSv3
CVE-2020-11627
An issue exists in EJBCA prior to 6.15.2.6 and 7.x prior to 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI.
Primekey Ejbca
8.8
CVSSv3
CVE-2019-13657
CA Performance Management 3.5.x, 3.6.x prior to 3.6.9, and 3.7.x prior to 3.7.4 have a default credential vulnerability that can allow a remote malicious user to execute arbitrary commands and compromise system security.
Broadcom Ca Performance Management 3.5.0
Broadcom Ca Performance Management
Broadcom Network Operations