Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discovery vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2013-4040
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x prior to 7.2.1.5 and 7.2.x prior to 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-For...
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
7.5
CVSSv3
CVE-2013-3017
IBM Tivoli Application Dependency Discovery Manager (TADDM) prior to 7.2.1.5 and 7.2.x prior to 7.2.2 make it easier for remote malicious users to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.
Ibm Tivoli Application Dependency Discovery Manager
Ibm Tivoli Application Dependency Discovery Manager 7.1.2
9.8
CVSSv3
CVE-2018-11747
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.
Puppet Discovery
7.5
CVSSv3
CVE-2022-23464
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Info...
Nepxion Discovery
5.3
CVSSv3
CVE-2024-23688
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
Consensys Discovery
9.8
CVSSv3
CVE-2018-11746
In Puppet Discovery before 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
Puppet Discovery
9.8
CVSSv3
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java clas...
Nepxion Discovery
8.8
CVSSv3
CVE-2018-1455
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.
Ibm Tivoli Application Dependency Discovery Manager 7.3.0
Ibm Tivoli Application Dependency Discovery Manager 7.2.2
8.8
CVSSv3
CVE-2020-15816
In Western Digital WD Discovery prior to 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
Westerndigital Wd Discovery
NA
CVE-2003-1603
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
Gehealthcare Discovery Vh -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »