Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap web application server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2003-1039
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote malicious users to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
Sap Mysap Business Suite
4.3
CVSSv2
CVE-2009-2932
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote malicious users to inject arbitrary web script or HTML via the TModel Key field.
Sap Netweaver 7.0
4.3
CVSSv2
CVE-2018-2474
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an malicious user to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.
Sap Fiori 1.0
NA
CVE-2019-8720
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Webkitgtk Webkitgtk
Wpewebkit Wpe Webkit
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems Eus 8.4
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux For Power Little Endian Eus 8.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
Redhat Codeready Linux Builder 8.0
Redhat Codeready Linux Builder Eus 8.4
Redhat Codeready Linux Builder For Power Little Endian Eus 8.4
4
CVSSv2
CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specia...
Python Python
Python Python 3.10.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems Eus 8.4
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux For Power Little Endian Eus 8.4
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
Redhat Codeready Linux Builder For Ibm Z Systems 8.0
Redhat Codeready Linux Builder For Power Little Endian 8.0
Redhat Codeready Linux Builder 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
Netapp Ontap Select Deploy Administration Utility -
Netapp Hci Compute Node Firmware -
2.1
CVSSv2
CVE-2012-1717
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and previous versions, 6 update 32 and previous versions, 5 update 35 and previous versions, and 1.4.2_37 and previous versions allows local users to affect confidentiality via ...
Oracle Jre
Oracle Jre 1.5.0
Oracle Jre 1.6.0
Oracle Jre 1.7.0
Oracle Jdk
Oracle Jdk 1.5.0
Oracle Jdk 1.6.0
Oracle Jdk 1.7.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux For Scientific Computing 6.0
Redhat Enterprise Linux For Power Big Endian 5.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux For Ibm Z Systems 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 6.2
Redhat Enterprise Linux Server From Rhui 6.0
Redhat Satellite With Embedded Oracle 5.5
Redhat Icedtea6
4.3
CVSSv2
CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle malicious users...
Opera Opera Browser -
Microsoft Internet Explorer -
Microsoft Windows -
Google Chrome -
Mozilla Firefox -
Siemens Simatic Rf68xr Firmware
Siemens Simatic Rf615r Firmware
Haxx Curl
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 6.2
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 10.04
2 Github repositories
1 Article
6.8
CVSSv2
CVE-2011-3557
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and previous versions, 5.0 Update 31 and previous versions, 1.4.2_33 and previous versions, and JRockit R28.1.4 and previous versions allows remote malicious users to ...
Sun Jre 1.7.0
Sun Jdk 1.7.0
Oracle Jrockit R28.0.1
Oracle Jrockit R28.0.0
Oracle Jrockit
Oracle Jrockit R28.1.3
Oracle Jrockit R28.1.1
Oracle Jrockit R28.1.0
Oracle Jrockit R28.0.2
Sun Jre 1.6.0
Sun Jdk 1.6.0
Sun Jre
Sun Jdk
Sun Jre 1.5.0
Sun Jdk 1.5.0
Sun Jre 1.4.2 26
Sun Jre 1.4.2 25
Sun Jre 1.4.2 18
Sun Jre 1.4.2 17
Sun Jre 1.4.2 16
Sun Jre 1.4.2 9
Sun Jre 1.4.2 8
6.4
CVSSv2
CVE-2011-3560
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and previous versions, 5.0 Update 31 and previous versions, and 1.4.2_33 and previous versions allows remote untrusted Java Web Start applications and untrusted Java a...
Sun Jre 1.6.0
Sun Jdk 1.6.0
Sun Jdk
Sun Jre
Sun Jre 1.5.0
Sun Jdk 1.5.0
Sun Jre 1.4.2 28
Sun Jre 1.4.2 27
Sun Jre 1.4.2 19
Sun Jre 1.4.2 18
Sun Jre 1.4.2 11
Sun Jre 1.4.2 10
Sun Jre 1.4.2 3
Sun Jre 1.4.2 2
Sun Jre 1.4.2 1
Sun Jdk 1.4.2 28
Sun Jdk 1.4.2 27
Sun Jdk 1.4.2 20
Sun Jdk 1.4.2 19
Sun Jdk 1.4.2 12
Sun Jdk 1.4.2 11
Sun Jdk 1.4.2 10
2.6
CVSSv2
CVE-2011-3552
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and previous versions, 5.0 Update 31 and previous versions, and 1.4.2_33 and previous versions allows remote malicious users to affect integrity via unknown vectors re...
Sun Jre 1.6.0
Sun Jdk 1.6.0
Sun Jdk
Sun Jre
Sun Jre 1.5.0
Sun Jdk 1.5.0
Sun Jre 1.4.2 29
Sun Jre 1.4.2 28
Sun Jre 1.4.2 21
Sun Jre 1.4.2 20
Sun Jre 1.4.2 19
Sun Jre 1.4.2 12
Sun Jre 1.4.2 11
Sun Jre 1.4.2 4
Sun Jre 1.4.2 3
Sun Jdk 1.4.2 29
Sun Jdk 1.4.2 28
Sun Jdk 1.4.2 21
Sun Jdk 1.4.2 20
Sun Jdk 1.4.2 13
Sun Jdk 1.4.2 12
Sun Jdk 1.4.2 4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »