Vulmon
bootstrap vulnerabilities and exploits
NA
CVE-2024-27294
dp-golang is a Puppet module for Go installations. Before 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 up to and including 1.21rc3, ...
2.1
CVSSv2
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
7.5
CVSSv2
CVE-2019-8121
An insecure component vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.
Magento Magento
NA
CVE-2023-32711
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
Splunk Splunk
7.8
CVSSv2
CVE-2010-1571
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 prior to 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 prior to 5.0(2)SR3 allows remote malicious users to read arbitrary files via a crafted bootstrap message ...
Cisco Unified Contact Center Express 7.0
Cisco Unified Contact Center Express 6.0
Cisco Unified Contact Center Express 5.0
Cisco Customer Response Solution 6.0
Cisco Customer Response Solution 7.0
Cisco Customer Response Solution 5.0
Cisco Unified Ip Interactive Voice Response 5.0
Cisco Unified Ip Interactive Voice Response 6.0
Cisco Unified Ip Interactive Voice Response 7.0
3.5
CVSSv2
CVE-2020-29587
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html() func...
Simplcommerce Simplcommerce 1.0.0
5
CVSSv2
CVE-2022-26650
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can allow an attacker to pass in malicious regular expressions and characters causi...
Apache Shenyu 2.4.0
Apache Shenyu 2.4.1
Apache Shenyu 2.4.2
NA
CVE-2022-3073
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote malicious user to hijack existing sessions to e.g. other web services in the same environment or execute scrip...
Weidmueller 19 Iot Md01 Lan H4 S0011 Firmware -
Weidmueller Fp Iot Md01 4eu S2 00000 Firmware -
Weidmueller Fp Iot Md01 Lan S2 00000 Firmware -
Weidmueller Fp Iot Md01 Lan S2 00011 Firmware -
Weidmueller Fp Iot Md02 4eu S3 00000 Firmware -
Weidmueller Iot-gw30 Firmware
Weidmueller Iot-gw30-4g-eu Firmware
Weidmueller Uc20-wl2000-ac Firmware
Weidmueller Uc20-wl2000-iot Firmware
10
CVSSv2
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of sys...
Bitdefender Box 2 Firmware 2.1.47.42
Bitdefender Box 2 Firmware 2.1.53.45
3.5
CVSSv2
CVE-2014-3840
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bo...
Mayan-edms Mayan Edms 0.13
1 EDB exploit