Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enterprise vulnerabilities and exploits
(subscribe to this query)
169
VMScore
CVE-2015-7328
Puppet Server in Puppet Enterprise prior to 3.8.x prior to 3.8.3 and 2015.2.x prior to 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to ...
Puppet Puppet Enterprise 2015.2.0
Puppet Puppet Enterprise 2015.2.2
Puppet Puppet Enterprise 2015.2.1
Puppet Puppet Enterprise 3.8.2
Puppet Puppet Enterprise 3.8.0
Puppet Puppet Enterprise 3.8.1
605
VMScore
CVE-2013-6369
Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT prior to 2.1 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
Cambridge Enterprise Jbig-kit 1.4
Cambridge Enterprise Jbig-kit 1.3
Cambridge Enterprise Jbig-kit 0.5
Cambridge Enterprise Jbig-kit 1.6
Cambridge Enterprise Jbig-kit 1.5
Cambridge Enterprise Jbig-kit 0.7
Cambridge Enterprise Jbig-kit 0.6
Cambridge Enterprise Jbig-kit
Cambridge Enterprise Jbig-kit 0.9
Cambridge Enterprise Jbig-kit 0.8
Cambridge Enterprise Jbig-kit 1.2
Cambridge Enterprise Jbig-kit 1.1
Cambridge Enterprise Jbig-kit 1.0
490
VMScore
CVE-2017-2293
Versions of Puppet Enterprise before 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rel...
Puppet Puppet Enterprise 2016.5.2
Puppet Puppet Enterprise 2017.1.1
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2016.5.1
Puppet Puppet Enterprise 2017.1.0
534
VMScore
CVE-2017-2297
Puppet Enterprise versions before 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default fo...
Puppet Puppet Enterprise 2017.1.1
Puppet Puppet Enterprise 2017.1.0
Puppet Puppet Enterprise 2016.5.2
Puppet Puppet Enterprise 2016.5.1
Puppet Puppet Enterprise
445
VMScore
CVE-2017-2294
Versions of Puppet Enterprise before 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen...
Puppet Puppet Enterprise 2016.5.2
Puppet Puppet Enterprise 2017.1.0
Puppet Puppet Enterprise 2017.1.1
Puppet Puppet Enterprise 2016.5.1
Puppet Puppet Enterprise
668
VMScore
CVE-2001-0947
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 up to and including 4.2.1 allows remote malicious users to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
Valicert Enterprise Validation Authority 3.6
Valicert Enterprise Validation Authority 3.3
Valicert Enterprise Validation Authority 4.0
Valicert Enterprise Validation Authority 3.8
Valicert Enterprise Validation Authority 4.2
Valicert Enterprise Validation Authority 4.1
Valicert Enterprise Validation Authority 4.2.1
Valicert Enterprise Validation Authority 3.5
Valicert Enterprise Validation Authority 3.4
Valicert Enterprise Validation Authority 3.9
Valicert Enterprise Validation Authority 3.7
668
VMScore
CVE-2001-0949
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 up to and including 4.2.1 allows remote malicious users to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpi...
Valicert Enterprise Validation Authority 3.6
Valicert Enterprise Validation Authority 3.3
Valicert Enterprise Validation Authority 4.0
Valicert Enterprise Validation Authority 3.8
Valicert Enterprise Validation Authority 4.2
Valicert Enterprise Validation Authority 4.1
Valicert Enterprise Validation Authority 4.2.1
Valicert Enterprise Validation Authority 3.5
Valicert Enterprise Validation Authority 3.4
Valicert Enterprise Validation Authority 3.9
Valicert Enterprise Validation Authority 3.7
668
VMScore
CVE-2001-0948
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 up to and including 4.2.1 allows remote malicious users to execute arbitrary code or display false information by including HTML or script in the certificate's description, which i...
Valicert Enterprise Validation Authority 3.6
Valicert Enterprise Validation Authority 3.3
Valicert Enterprise Validation Authority 4.0
Valicert Enterprise Validation Authority 3.8
Valicert Enterprise Validation Authority 4.2
Valicert Enterprise Validation Authority 4.1
Valicert Enterprise Validation Authority 4.2.1
Valicert Enterprise Validation Authority 3.5
Valicert Enterprise Validation Authority 3.4
Valicert Enterprise Validation Authority 3.9
Valicert Enterprise Validation Authority 3.7
641
VMScore
CVE-2022-31594
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.
Sap Adaptive Server Enterprise 16.0
Sap Adaptive Server Enterprise Krnl64uc 7.22
Sap Adaptive Server Enterprise Krnl64uc 7.22ext
Sap Adaptive Server Enterprise Krnl64uc 7.49
Sap Adaptive Server Enterprise Krnl64uc 7.53
Sap Adaptive Server Enterprise Krnl64nuc 7.22
Sap Adaptive Server Enterprise Krnl64nuc 7.22ext
Sap Adaptive Server Enterprise Krnl64nuc 7.49
Sap Adaptive Server Enterprise Kernel 7.22
Sap Adaptive Server Enterprise Kernel 7.49
Sap Adaptive Server Enterprise Kernel 7.53
312
VMScore
CVE-2013-5425
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 prior to 6.1.1.6 and 7.0 prior to 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Ibm Websphere Virtual Enterprise 6.1.1.3
Ibm Websphere Virtual Enterprise 6.1.1.4
Ibm Websphere Virtual Enterprise 7.0.0.2
Ibm Websphere Virtual Enterprise 7.0.0.1
Ibm Websphere Virtual Enterprise 6.1
Ibm Websphere Virtual Enterprise 6.1.1
Ibm Websphere Virtual Enterprise 6.1.1.1
Ibm Websphere Virtual Enterprise 6.1.1.2
Ibm Websphere Virtual Enterprise 7.0.0.3
Ibm Websphere Virtual Enterprise 6.1.1.5
Ibm Websphere Virtual Enterprise 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »