Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logic flaw vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50291
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 up to and including 8.11.2, from 9.0.0 prior to 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was ...
Apache Solr
NA
CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branch...
Heimdal Project Heimdal 7.8.0
Heimdal Project Heimdal 7.7.1
481
VMScore
CVE-2020-27825
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (prior to 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local ...
Linux Linux Kernel 5.10
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Mrg 2.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Cloud Backup -
Netapp Solidfire Baseboard Management Controller Firmware -
Netapp H410c Firmware -
NA
CVE-2023-4853
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an malicious user to bypass the security policy altogether, resul...
Quarkus Quarkus
Redhat Decision Manager 7.0
Redhat Jboss Middleware Text-only Advisories 1.0
Redhat Jboss Middleware 1
Redhat Integration Service Registry -
Redhat Integration Camel Quarkus -
Redhat Build Of Quarkus
Redhat Openshift Serverless -
Redhat Integration Camel K
Redhat Process Automation Manager 7.0
Redhat Build Of Optaplanner 8.0
Redhat Openshift Serverless 1.0
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
3 Github repositories
NA
CVE-2022-25369
Logic Flaw Leading to remote code execution in Dynamicweb 9.5.0 - 9.12.7.
NA
CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an malicious user to execute arbitrary code via the code logic after valid authentication.
Redislabs Redisgraph
NA
CVE-2024-23284
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Securit...
NA
CVE-2023-6291
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the malicious user to impersonate other users.
Redhat Single Sign-on -
Redhat Keycloak
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on 7.6
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Applications 7.0
668
VMScore
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
NA
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to ...
13 Github repositories
2 Articles
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »