on-premise vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-32605
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the ta...
Trendmicro Apex Central 2019
7.2
CVSSv3
CVE-2020-29299
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 ...
Zyxel Vpn Orchestrator
Zyxel Zld
Zyxel Nsg Firmware
Zyxel Nsg Firmware 1.33
Zyxel Usg Flex Firmware -
5.9
CVSSv3
CVE-2018-18568
Polycom VVX 500 and 601 devices 5.8.0.12848 and previous versions allow man-in-the-middle malicious users to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
Polycom Unified Communications Software
Polycom Vvx 601 Firmware -
Polycom Vvx 500 Firmware -
8.1
CVSSv3
CVE-2022-31122
Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all...
Wire Wire Server
7.5
CVSSv3
CVE-2022-1359
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters (../) as part of a filename, the server will save the file where...
Cambiumnetworks Cnmaestro 2.4.2
Cambiumnetworks Cnmaestro 3.0.0
Cambiumnetworks Cnmaestro 3.0.3
8.1
CVSSv3
CVE-2023-24546
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This ...
Arista Cloudvision Portal 2022.1.0
Arista Cloudvision Portal 2022.1.1
Arista Cloudvision Portal 2022.2.0
Arista Cloudvision Portal 2022.2.1
Arista Cloudvision Portal 2022.3.0
Arista Cloudvision Portal
9.8
CVSSv3
CVE-2020-12145
Silver Peak Unity Orchestrator versions before 8.9.11+, 8.10.11+, or 9.0.1+ use HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances t...
Silver-peak Unity Orchestrator
5.3
CVSSv3
CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and previous versions failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated malicious users to gain access to potentially sensitive project information stored by the application.
Openasset Digital Asset Management
9.8
CVSSv3
CVE-2022-24082
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect ...
Pega Infinity
5.3
CVSSv3
CVE-2021-44876
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the id...
Dalmark Systeam Enterprise Resource Planning 2.22.8