Vulmon
CVE-2021-45232 vulnerabilities and exploits

CVE-2021-45232 (CVSSv2 score: 7.5)
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of...
Affected: Apache Apisix Dashboard
21 Github repositories available

CVE-2020-13945 (CVSSv2 score: 4)
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5....
Affected: Apache Apisix
1 Github repository available

CVE-2018-6574 (CVSSv2 score: 4.6)
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked....
Affected:
  Golang Go 1.10
  Golang Go 1.9
  Golang Go 1.9.2
  Golang Go 1.9.3
  Golang Go
  Golang Go 1.9.1
  Debian Debian Linux 9.0
  Redhat Enterprise Linux Server 7.0
  Redhat Enterprise Linux Server Eus 7.6
  Redhat Enterprise Linux Server Aus 7.6
  Redhat Enterprise Linux Server Tus 7.6
35 Github repositories available

CVE-2022-24112 (CVSSv2 score: 7.5)
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed...
Affected: Apache Apisix
11 Github repositories available

CVE-2017-7504 (CVSSv2 score: 7.5)
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute...
Affected: Redhat Jboss Enterprise Application Platform
28 Github repositories available

CVE-2007-1036 (CVSSv2 score: 7.5)
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests....
Affected: Jboss Jboss Application Server
2 EDB exploits available
2 Metasploit modules available
8 Github repositories available

CVE-2010-1871 (CVSSv2 score: 6.8)
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only...
Affected: Redhat Jboss Enterprise Application Platform 4.3.0
1 EDB exploit available
2 Metasploit modules available
12 Github repositories available

CVE-2015-7501 (CVSSv2 score: 10)
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform...
Affected:
  Redhat Jboss Enterprise Web Server 3.0.0
  Redhat Jboss Enterprise Soa Platform 5.0.0
  Redhat Jboss Bpm Suite 6.0.0
  Redhat Jboss A-mq 6.0.0
  Redhat Subscription Asset Manager 1.3.0
  Redhat Openshift 3.0
  Redhat Jboss Enterprise Application Platform 5.0.0
  Redhat Jboss Enterprise Application Platform 4.3.0
  Redhat Jboss Portal 6.0.0
  Redhat Jboss Operations Network 3.0
  Redhat Jboss Fuse Service Works 6.0
  Redhat Jboss Enterprise Brms Platform 5.0.0
  Redhat Jboss Data Virtualization 6.0.0
  Redhat Data Grid 6.0.0
  Redhat Xpaas 3.0.0
  Redhat Jboss Fuse 6.0.0
  Redhat Jboss Enterprise Application Platform 6.0.0
  Redhat Jboss Data Virtualization 5.0.0
  Redhat Jboss Enterprise Brms Platform 6.0.0
56 Github repositories available

CVE-2013-4810 (CVSSv2 score: 10)
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE:...
Affected:
  Hp Application Lifecycle Management
  Hp Procurve Manager 4.0
  Hp Identity Driven Manager 4.0
  Hp Procurve Manager 3.20
1 EDB exploit available
9 Github repositories available

CVE-2021-28169 (CVSSv2 score: 5)
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the...
Affected:
  Eclipse Jetty
  Debian Debian Linux 9.0
  Debian Debian Linux 10.0
  Oracle Rest Data Services
  Oracle Communications Cloud Native Core Policy 1.14.0
  Netapp Snap Creator Framework
  Netapp Hci
  Netapp Active Iq Unified Manager
  Netapp Management Services For Element Software
8 Github repositories available