Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise web platform vulnerabilities and exploits
(subscribe to this query)
447
VMScore
CVE-2010-1428
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to obtain sens...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
446
VMScore
CVE-2022-21299
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul...
Oracle Graalvm 21.3.0
Oracle Jre 17.0.1
Oracle Jre 1.7.0
Oracle Jre 11.0.13
Oracle Graalvm 20.3.4
Oracle Jre 1.8.0
Oracle Jdk 17.0.1
Oracle Jdk 1.7.0
Oracle Jdk 11.0.13
Oracle Jdk 1.8.0
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp E-series Santricity Storage Manager -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp E-series Santricity Web Services -
Netapp 7-mode Transition Tool -
Netapp E-series Santricity Os Controller
Netapp Cloud Insights Acquisition Unit -
446
VMScore
CVE-2020-17527
While investigating bug 64830 it exists that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Whi...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat 9.0.36
Apache Tomcat 9.0.37
Apache Tomcat 9.0.38
Apache Tomcat 9.0.39
Apache Tomcat 9.0.35-3.39.1
Apache Tomcat 9.0.35-3.57.3
Apache Tomcat
Netapp Oncommand System Manager
Netapp Element Plug-in -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Sd-wan Edge 9.0
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Cloud Native Core Policy 1.14.0
2 Github repositories
446
VMScore
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial ...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Oncommand System Manager
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 20.04
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Workload Manager 12.2.0.1
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
446
VMScore
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Oncommand System Manager
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Mcafee Epolicy Orchestrator 5.9.0
Mcafee Epolicy Orchestrator 5.9.1
Mcafee Epolicy Orchestrator 5.10.0
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Workload Manager 18c
Oracle Workload Manager 19c
3 Github repositories
445
VMScore
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap Openldap
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Core Services -
Debian Debian Linux 9.0
Fedoraproject Fedora 33
445
VMScore
CVE-2012-5626
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs a...
Redhat Jboss Brms 5
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Enterprise Web Server 1.0.0
Redhat Jboss Operations Network 3.1
Redhat Jboss Portal 4.0.0
Redhat Jboss Portal 5.0.0
Redhat Jboss Soa Platform 4.2
Redhat Jboss Soa Platform 4.3
Redhat Jboss Soa Platform 5
445
VMScore
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Cyrusimap Cyrus-sasl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Apple Mac Os X 10.14.6
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
445
VMScore
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Openshift Application Runtimes -
Redhat Openshift Application Runtimes 1.0
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Single Sign-on 7.3
Netapp Active Iq Unified Manager -
1 Github repository
445
VMScore
CVE-2019-3888
A vulnerability was found in Undertow web server prior to 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFai...
Redhat Undertow
Redhat Virtualization 4.0
Redhat Virtualization Host 4.0
Redhat Jboss Data Grid -
Redhat Openshift Application Runtimes -
Netapp Active Iq Unified Manager -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »