Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle jsp vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-29885
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor ...
Apache Tomcat 10.1.0
Apache Tomcat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Hospitality Cruise Shipboard Property Management System 20.2.1
5 Github repositories
7.5
CVSSv2
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
176 Github repositories
7 Articles
3.7
CVSSv2
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local malicious user to perform actions with the privileges of the user that t...
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Apache Tomcat
Oracle Managed File Transfer 12.2.1.3.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5
CVSSv2
CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the c...
Apache Tomcat 10.0.0
Apache Tomcat 10.1.0
Apache Tomcat
Netapp Hci -
Netapp Management Services For Element Software -
Debian Debian Linux 11.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Sd-wan Edge 9.0
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Sd-wan Edge 9.1
Oracle Communications Diameter Signaling Router
Oracle Big Data Spatial And Graph
Oracle Middleware Common Libraries And Tools 12.2.1.4.0
Oracle Retail Customer Insights 15.0.2
Oracle Retail Customer Insights 16.0.2
Oracle Taleo Platform
Oracle Payment Interface 20.3
Oracle Payment Interface 19.1
Oracle Retail Eftlink 21.0.0
Oracle Retail Data Extractor For Merchandising 16.0.2
5
CVSSv2
CVE-2021-33037
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ign...
Apache Tomcat
Apache Tomee 8.0.6
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.6
Oracle Communications Policy Management 12.5.0
Oracle Sd-wan Edge 9.0
Oracle Managed File Transfer 12.2.1.4.0
Oracle Secure Global Desktop 5.6
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Session Route Manager
Oracle Mysql Enterprise Monitor
Oracle Communications Session Report Manager
Oracle Sd-wan Edge 9.1
Oracle Utilities Testing Accelerator 6.0.0.2.2
Oracle Utilities Testing Accelerator 6.0.0.3.1
Oracle Utilities Testing Accelerator 6.0.0.1.1
5.8
CVSSv2
CVE-2021-30640
A vulnerability in the JNDI Realm of Apache Tomcat allows an malicious user to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0...
Apache Tomcat
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Communications Diameter Signaling Router
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Tekelec Platform Distribution
Oracle Communications Cloud Native Core Policy 1.14.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.4
CVSSv2
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note tha...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Database 19c
Oracle Managed File Transfer 12.2.1.4.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
Oracle Graph Server And Client
Oracle Database 21c
Oracle Siebel Ui Framework 21.9
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.6.0
5
CVSSv2
CVE-2021-25122
When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
Oracle Database 12.2.0.1
Oracle Database 19c
Oracle Managed File Transfer 12.2.1.4.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
Oracle Graph Server And Client
Oracle Graph Server And Client 21.3.0
Oracle Database 21c
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Instant Messaging Server 10.0.1.5.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.6.0
4.3
CVSSv2
CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpec...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.6
5
CVSSv2
CVE-2020-17527
While investigating bug 64830 it exists that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Whi...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat 9.0.36
Apache Tomcat 9.0.37
Apache Tomcat 9.0.38
Apache Tomcat 9.0.39
Apache Tomcat 9.0.35-3.39.1
Apache Tomcat 9.0.35-3.57.3
Apache Tomcat
Netapp Oncommand System Manager
Netapp Element Plug-in -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Sd-wan Edge 9.0
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Cloud Native Core Policy 1.14.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »