Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
core security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0365
Multiple buffer overflows in CORE FORCE prior to 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions...
Core Security Technologies Core Force
1 EDB exploit
NA
CVE-2008-0366
CORE FORCE prior to 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.
Core Security Technologies Core Force
9.8
CVSSv3
CVE-2022-41923
Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework appl...
Grails Spring Security Core
1 Github repository
7.5
CVSSv3
CVE-2021-22119
Spring Security versions 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10 and 5.2.x before 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or...
Vmware Spring Security
Oracle Communications Cloud Native Core Policy 1.14.0
5.9
CVSSv3
CVE-2021-33880
The aaugustin websockets library prior to 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Websockets Project Websockets
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Cloud Native Core Unified Data Repository 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0
NA
CVE-2021-2471
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Con...
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Mysql Connectors
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Quarkus Quarkus
3 Github repositories
5.5
CVSSv3
CVE-2022-22946
In spring cloud gateway versions before 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom ...
Vmware Spring Cloud Gateway 3.1.0
Oracle Commerce Guided Search 11.3.2
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
Oracle Communications Cloud Native Core Network Repository Function 22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
Oracle Communications Cloud Native Core Console 22.2.0
Oracle Communications Cloud Native Core Network Repository Function 22.1.2
1 Github repository
5.5
CVSSv3
CVE-2018-11055
RSA BSAFE Micro Edition Suite, versions before 4.0.11 (in 4.0.x) and before 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing th...
Dell Bsafe
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Security Service 12.1.3.0.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Security Service 11.1.1.9.0
Oracle Security Service 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Predictive Application Server 15.0.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Communications Ip Service Activator 7.3.0
Oracle Core Rdbms 11.2.0.4
Oracle Core Rdbms 12.2.0.1
Oracle Core Rdbms 12.1.0.2
Oracle Core Rdbms 19c
Oracle Core Rdbms 18c
Oracle Retail Predictive Application Server 16.0.3.0
Oracle Goldengate Application Adapters 12.3.2.1.0
Oracle Communications Analytics 12.1.1
Oracle Real User Experience Insight 13.3.1.0
Oracle Real User Experience Insight 13.1.2.1
Oracle Real User Experience Insight 13.2.3.1
7.5
CVSSv3
CVE-2018-11054
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
Dell Bsafe 4.1.6
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Security Service 12.1.3.0.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Security Service 11.1.1.9.0
Oracle Security Service 12.2.1.2.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Predictive Application Server 15.0.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Core Rdbms 11.2.0.4
Oracle Core Rdbms 12.2.0.1
Oracle Core Rdbms 12.1.0.2
Oracle Core Rdbms 19c
Oracle Core Rdbms 18c
Oracle Goldengate Application Adapters 12.3.2.1.0
Oracle Communications Analytics 12.1.1
Oracle Real User Experience Insight 13.3.1.0
Oracle Retail Predictive Application Server 16.0.3
Oracle Communications Ip Service Activator 7.3.4
Oracle Real User Experience Insight 13.1.2.1
Oracle Real User Experience Insight 13.2.3.1
5.9
CVSSv3
CVE-2018-11057
RSA BSAFE Micro Edition Suite, versions before 4.0.11 (in 4.0.x) and before 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
Dell Bsafe
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Security Service 12.1.3.0.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Security Service 11.1.1.9.0
Oracle Security Service 12.2.1.3.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Predictive Application Server 15.0.3
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Communications Ip Service Activator 7.3.0
Oracle Core Rdbms 11.2.0.4
Oracle Core Rdbms 12.2.0.1
Oracle Core Rdbms 12.1.0.2
Oracle Core Rdbms 19c
Oracle Core Rdbms 18c
Oracle Retail Predictive Application Server 16.0.3.0
Oracle Goldengate Application Adapters 12.3.2.1.0
Oracle Communications Analytics 12.1.1
Oracle Real User Experience Insight 13.3.1.0
Oracle Real User Experience Insight 13.1.2.1
Oracle Real User Experience Insight 13.2.3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-9474
CVE-2024-36620
file inclusion
cache poisoning
man-in-the-middle
CVE-2024-20138
CVE-2024-0012
CVE-2024-20131
CVE-2024-11995
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »