web studio vulnerabilities and exploits
NA
CVE-2023-6132
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
446
VMScore
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-281...
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Snapcenter Plug-in -
Netapp E-series Santricity Os Controller
Netapp Element Plug-in For Vcenter Server -
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Retail Eftlink 20.0.1
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Diameter Signaling Router
Oracle Communications Cloud Native Core Unified Data Repository 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Oracle Rest Data Services
Oracle Stream Analytics
Oracle Stream Analytics 19c
2 Github repositories
383
VMScore
CVE-2013-5042
Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x prior to 1.1.4 and 2.0.x prior to 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote malicious users to inject arbitrary web script or HTML via crafted Forever Frame transport protocol da...
Microsoft Asp.net Signalr 1.1.0
Microsoft Visual Studio Team Foundation Server 2013
Microsoft Asp.net Signalr 1.1.3
Microsoft Asp.net Signalr 2.0.0
Microsoft Asp.net Signalr 1.1.2
Microsoft Asp.net Signalr 1.1.1
578
VMScore
CVE-2019-18213
XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTL...
Xml Language Server Project Xml Server Project
Eclipse Wild Web Developer -
Theia Xml Extension Project Theia Xml Extension -
755
VMScore
CVE-2013-4547
nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.
F5 Nginx
Opensuse Opensuse 12.3
Suse Studio Onsite 1.3
Opensuse Opensuse 11.4
Suse Webyast 1.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
Suse Lifecycle Management Server 1.3
1 EDB exploit
1 Github repository
384
VMScore
CVE-2019-16168
In SQLite up to and including 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Sqlite Sqlite
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager
Netapp Santricity Unified Manager -
Netapp E-series Santricity Os Controller
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Tenable Nessus Agent
Oracle Solaris 11
Oracle Outside In Technology 8.5.4
Oracle Mysql
Oracle Jre 1.8.0
Oracle Jdk 1.8.0
Oracle Zfs Storage Appliance 8.8
828
VMScore
CVE-2009-4776
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote malicious users to have an unkno...
Hitachi Ucosminexus Application Server 06-70-/e
Hitachi Ucosminexus Developer 06-70
Hitachi Ucosminexus Application Server 06-70
Hitachi Ucosminexus Service Architect 07-60
Hitachi Ucosminexus Operator 7
Hitachi Ucosminexus Client 07-60
Hitachi Ucosminexus Application Server 06-72
Hitachi Ucosminexus Service Platform 6.7
Hitachi Ucosminexus Application Server 07-00
Hitachi Ucosminexus Application Server 07-10
Hitachi Ucosminexus Collaboration 06-35
Hitachi Ucosminexus Application Server 06-70-/f
Hitachi Ucosminexus Application Server 06-70f
Hitachi Ucosminexus Developer 6
Hitachi Ucosminexus Application Server 07-60
Hitachi Ucosminexus Application Server 6.7
Hitachi Ucosminexus Developer 8
Hitachi Ucosminexus Developer 06-71-/f
Hitachi Ucosminexus Service Architect 7
Hitachi Ucosminexus Collaboration 06-35-/f
Hitachi Ucosminexus Operator 6.7
Hitachi Ucosminexus Application Server 06-70-/g
383
VMScore
CVE-2019-13163
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Informa...
Fujitsu Gp7000f Firmware -
Fujitsu Primepower Firmware -
Fujitsu Gps Firmware -
Fujitsu Sparc Enterprise M3000 Firmware -
Fujitsu Sparc Enterprise M4000 Firmware -
Fujitsu Sparc Enterprise M5000 Firmware -
Fujitsu Sparc Enterprise M8000 Firmware -
Fujitsu Sparc Enterprise M9000 Firmware -
Fujitsu Sparc M12-1 Firmware -
Fujitsu Sparc M12-2 Firmware -
Fujitsu Sparc M12-2s Firmware -
Fujitsu Primergy Rx2530 M5 Firmware -
Fujitsu Primergy Rx2540 M5 Firmware -
Fujitsu Primergy Rx4770 M5 Firmware -
Fujitsu Primergy Tx2550 M5 Firmware -
Fujitsu Granpower 5000 Firmware -
Fujitsu Celsius Firmware -
Fujitsu Primequest Firmware -
Fujitsu Interstage Application Development Cycle Manager 10.0
Fujitsu Interstage Application Development Cycle Manager 10.0a
Fujitsu Interstage Application Development Cycle Manager 10.1
Fujitsu Interstage Application Development Cycle Manager 10.1.1
383
VMScore
CVE-2015-2918
The Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Orientdb Orientdb 2.1.0
Orientdb Orientdb 2.0.14
605
VMScore
CVE-2015-2912
The JSONP endpoint in the Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 does not properly restrict callback values, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive info...
Orientdb Orientdb 2.1.0
Orientdb Orientdb