Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cosminexus application server vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2022-4203
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to con...
Openssl Openssl
9.8
CVSSv3
CVE-2019-16335
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Fasterxml Jackson-databind
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Oracle Retail Xstore Point Of Service 15.0
Oracle Banking Platform 2.4.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Banking Platform 2.4.1
Oracle Primavera Gateway 16.1
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Banking Platform 2.5.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Banking Platform 2.6.0
1 Github repository
9.8
CVSSv3
CVE-2019-14540
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Fasterxml Jackson-databind
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Oracle Retail Xstore Point Of Service 15.0
Oracle Primavera Unifier 16.2
Oracle Banking Platform 2.4.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Banking Platform 2.4.1
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Banking Platform 2.5.0
Oracle Primavera Unifier 16.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
2 Github repositories
5.9
CVSSv3
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by...
Openssl Openssl
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Hyper Converged Infrastructure -
Netapp Cloud Backup -
Netapp Santricity Smi-s Provider -
Netapp Element Software -
Netapp Snapdrive -
Netapp Snapcenter -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Unified Manager -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Storagegrid
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Service Processor -
3 Github repositories
7.5
CVSSv3
CVE-2019-12086
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x prior to 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpa...
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4 Github repositories
5.9
CVSSv3
CVE-2019-12384
FasterXML jackson-databind 2.x prior to 2.9.9.1 might allow malicious users to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.6
Redhat Enterprise Linux 7.7
5 Github repositories
7.5
CVSSv3
CVE-2020-36518
jackson-databind prior to 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Fasterxml Jackson-databind
Oracle Weblogic Server 12.2.1.3.0
Oracle Commerce Platform 11.3.1
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Sd-wan Edge 9.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Global Lifecycle Management Nextgen Oui Framework 13.9.4.2.2
Oracle Primavera Unifier 20.12
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Utilities Framework 4.4.0.3.0
Oracle Sd-wan Edge 9.1
Oracle Commerce Platform 11.3.0
Oracle Commerce Platform 11.3.2
Oracle Primavera Unifier 21.12
4 Github repositories
5.9
CVSSv3
CVE-2019-12814
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x up to and including 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker...
Fasterxml Jackson-databind
Debian Debian Linux 8.0
3 Github repositories
3.7
CVSSv3
CVE-2020-2659
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Oracle Jdk 1.7.0
Oracle Jdk 1.8.0
Oracle Jre 1.8.0
Oracle Openjdk 7
Oracle Openjdk 8
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Netapp Active Iq Unified Manager
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Management Plug-ins -
Netapp E-series Santricity Os Controller
Netapp E-series Santricity Storage Manager -
Netapp E-series Santricity Web Services Proxy -
Netapp Oncommand Insight -
Netapp Oncommand Workflow Automation -
Netapp Santricity Unified Manager -
Netapp Steelstore Cloud Integrated Storage -
Opensuse Leap 15.1
Redhat Enterprise Linux 8.0
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
35 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »