Vulmon
message gateway vulnerabilities and exploits
5
CVSSv2
CVE-2005-4441
The PVLAN protocol allows remote malicious users to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Mod...
Pvlan Protocol Pvlan Protocol
5.5
CVSSv2
CVE-2020-3238
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote malicious user to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to...
Cisco Iox
NA
CVE-2022-39065
A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which...
Ikea Tradfri Gateway E1526 Firmware
1 Article
7.5
CVSSv2
CVE-2020-4207
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker co...
Ibm Iot Messagesight
Ibm Iot Messagesight 5.0.0.0
Ibm Watson Iot Platform - Message Gateway 5.0.0.1
10
CVSSv2
CVE-2011-1919
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications prior to 4.4.1 SIM 101 and 5.x prior to 5.0 SIM 43 allow remote malicious users to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to...
Ge Intelligent Platforms Proficy Historian 4.0
Ge Intelligent Platforms Proficy Historian 5.0
Ge Intelligent Platforms Proficy Historian
4.3
CVSSv2
CVE-2015-2703
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB prior to 8.0.0 and V-Series 7.7 appliances allow remote malicious users to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data ...
Websense Triton Ap Web
Websense V-series Appliances 7.7
5.1
CVSSv2
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced N...
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Flexcube Investor Servicing 12.0.4
Oracle Retail Store Inventory Management 14.1
Oracle Ilearning 6.2
Oracle Hospitality Suite8 8.10.2
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Flexcube Investor Servicing 12.4.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Hospitality Reporting And Analytics 9.1.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Banking Platform 2.6.2
Oracle Primavera Unifier 18.8
Oracle Retail Point-of-service 14.1
Oracle Retail Predictive Application Server 15.0.3
NA
CVE-2021-4126
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression ...
Mozilla Thunderbird
5
CVSSv2
CVE-2015-7848
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP dae...
Ntp Ntp-dev 4.3.70
NA
CVE-2023-41259
Best Practical Request Tracker (RT) prior to 4.4.7 and 5.x prior to 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
Bestpractical Request Tracker