Vulmon
commons vulnerabilities and exploits
NA
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
4.3
CVSSv2
CVE-2015-1039
Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser prior to 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via the redirect parameter.
Zfcuser Project Zfcuser
10
CVSSv2
CVE-2016-1985
HPE Operations Manager 8.x and 9.0 on Windows allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Operations Manager 9.0
Hp Operations Manager 8.1
Hp Operations Manager 8.16
Hp Operations Manager 8.10
10
CVSSv2
CVE-2016-1999
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Release Control 9.21
Hp Release Control 9.20
Hp Release Control 9.13
7.5
CVSSv2
CVE-2016-2170
Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Apache Ofbiz
10
CVSSv2
CVE-2016-1997
HPE Operations Orchestration 10.x prior to 10.51 and Operations Orchestration content prior to 1.7.0 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Operations Orchestration Content
Hp Operations Orchestration 10.20
Hp Operations Orchestration 10.22
Hp Operations Orchestration 10.50
Hp Operations Orchestration 10.22.1
Hp Operations Orchestration 10.01
Hp Operations Orchestration 10.02
Hp Operations Orchestration 10.0
Hp Operations Orchestration 10.10
Hp Operations Orchestration 10.21
10
CVSSv2
CVE-2016-1998
HPE Service Manager (SM) 9.3x prior to 9.35 P4 and 9.4x prior to 9.41.P2 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Service Manager 9.31
Hp Service Manager 9.33
Hp Service Manager 9.41
Hp Service Manager 9.40
Hp Service Manager 9.32
Hp Service Manager 9.35
Hp Service Manager 9.30
Hp Service Manager 9.34
4.4
CVSSv2
CVE-2014-1838
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons prior to 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
Logilab Logilab-common
7.5
CVSSv2
CVE-2016-2000
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Hp Asset Manager Cloudsystem Chargeback 9.40
Hp Asset Manager 9.50
Hp Asset Manager 9.41
Hp Asset Manager 9.40
7.5
CVSSv2
CVE-2016-1114
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 2016