Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commons vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2017-1000402
Jenkins Swarm Plugin Client 3.4 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Jenkins Swarm
8.8
CVSSv3
CVE-2016-1487
Lexmark Markvision Enterprise prior to 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
Lexmark Markvision Enterprise
8.8
CVSSv3
CVE-2016-4405
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26
Hp Business Service Management
9.8
CVSSv3
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceC...
Apache Ofbiz
1 Github repository
NA
CVE-2014-3577
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 cert...
Apache Httpclient
Apache Httpasyncclient
4 Github repositories
9.8
CVSSv3
CVE-2019-13116
The MuleSoft Mule Community Edition runtime engine prior to 3.8 allows remote malicious users to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
Mulesoft Mule Runtime
7.5
CVSSv3
CVE-2017-1000394
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenk...
Jenkins Jenkins
9.8
CVSSv3
CVE-2016-1986
HP Continuous Delivery Automation (CDA) 1.30 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Continuous Delivery Automation 1.3.0
NA
CVE-2014-1839
The Execute class in shellutils in logilab-commons prior to 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Logilab Logilab-common
7.5
CVSSv3
CVE-2023-27901
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing malicious users to...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »