Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commons vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-1114
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 2016
8.1
CVSSv3
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
Apereo Central Authentication Service 6.1.0
Apereo Central Authentication Service
8.8
CVSSv3
CVE-2016-2009
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Hp Network Node Manager I 10.00
Hp Network Node Manager I 9.24
Hp Network Node Manager I 9.20
Hp Network Node Manager I 10.01
Hp Network Node Manager I 9.25
Hp Network Node Manager I 9.23
NA
CVE-2014-0111
Apache Syncope 1.0.0 prior to 1.0.9 and 1.1.0 prior to 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of re...
Apache Syncope
6.1
CVSSv3
CVE-2023-29506
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.
Xwiki Xwiki 14.10
Xwiki Xwiki
Xwiki Xwiki 14.6
NA
CVE-2014-2600
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.
Hp Icewall Identity Manager 4.0
Hp Icewall Sso Password Reset Option 10.0
Hp Icewall Identity Manager 5.0
NA
CVE-2006-4778
SQL injection vulnerability in Creative Commons Tools ccHost prior to 3.0 allows remote malicious users to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information.
Cchost Cchost
9.8
CVSSv3
CVE-2016-4368
HPE Universal CMDB 10.0 up to and including 10.21, Universal CMDB Configuration Manager 10.0 up to and including 10.21, and Universal Discovery 10.0 up to and including 10.21 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related ...
Hp Universal Cmbd Foundation 10.20
Hp Universal Cmbd Foundation 10.11
Hp Universal Cmbd Foundation 10.10
Hp Universal Cmbd Foundation 10.01
Hp Universal Cmbd Foundation 10.0
Hp Universal Cmbd Foundation 10.21
Hp Universal Cmbd Configuration Manager 10.10
Hp Universal Cmbd Configuration Manager 10.11
Hp Universal Cmbd Configuration Manager 10.20
Hp Universal Cmbd Configuration Manager 10.21
Hp Universal Cmbd Configuration Manager 10.01
Hp Universal Cmbd Configuration Manager 10.0
Hp Universal Discovery 10.11
Hp Universal Discovery 10.20
Hp Universal Discovery 10.21
Hp Universal Discovery 10.01
Hp Universal Discovery 10.0
Hp Universal Discovery 10.10
8.8
CVSSv3
CVE-2016-4369
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Hp Discovery And Dependency Mapping Inventory 9.31
Hp Discovery And Dependency Mapping Inventory 9.30
Hp Discovery And Dependency Mapping Inventory 9.32
9.8
CVSSv3
CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the ...
Ibm Tivoli Common Reporting 3.1.2
Ibm Tivoli Common Reporting 3.1.0.2
Ibm Tivoli Common Reporting 3.1.0.1
Ibm Tivoli Common Reporting 3.1
Ibm Tivoli Common Reporting 3.1.2.1
Ibm Tivoli Common Reporting 2.1
Ibm Tivoli Common Reporting 2.1.1.2
Ibm Tivoli Common Reporting 2.1.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »