Vulmon
policy automation vulnerabilities and exploits
5.9
CVSSv3
CVE-2021-21295
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request ...
Netty Netty
Netapp Oncommand Workflow Automation -
Netapp Oncommand Api Services -
Debian Debian Linux 10.0
Quarkus Quarkus
Apache Kudu
Apache Zookeeper 3.5.9
Oracle Communications Cloud Native Core Policy 1.14.0
1 Github repository
8.8
CVSSv3
CVE-2023-46281
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Por...
Siemens Totally Integrated Automation Portal 18
Siemens Simatic Pcs Neo
Siemens Totally Integrated Automation Portal
Siemens Totally Integrated Automation Portal -
Siemens Opcenter Quality -
Siemens Sinumerik Integrate Runmyhmi /automotive -
7.5
CVSSv3
CVE-2021-26118
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in e...
Apache Activemq Artemis 2.15.0
Netapp Oncommand Workflow Automation -
7.5
CVSSv3
CVE-2020-28196
MIT Kerberos 5 (aka krb5) prior to 1.17.2 and 1.18.x prior to 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
Mit Kerberos 5
Fedoraproject Fedora 31
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Mysql Server
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Cloud Native Core Policy 1.14.0
9.8
CVSSv3
CVE-2019-17195
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Connect2id Nimbus Jose+jwt
Apache Hadoop 3.2.1
Oracle Solaris Cluster 4.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Primavera Gateway 19.12.0
Oracle Data Integrator 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Jd Edwards Enterpriseone Tools
Oracle Policy Automation
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Insurance Policy Administration
Oracle Healthcare Data Repository 8.1.0
Oracle Jd Edwards Enterpriseone Orchestrator
6.1
CVSSv3
CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-defau...
Jsoup Jsoup
Netapp Oncommand Workflow Automation -
Netapp Management Services For Element Software -
Netapp Management Services For Netapp Hci -
9.8
CVSSv3
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Techni...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Automation Toolchain
F5 Big-ip Container Ingress Services
F5 Big-ip Application Security Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Fraud Protection Services
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
12 Github repositories
4 Articles
8.8
CVSSv3
CVE-2023-46748
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Not...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Automation Toolchain
F5 Big-ip Container Ingress Services
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Fraud Protection Services
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
2 Articles
7.5
CVSSv3
CVE-2021-35515
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Apache Commons Compress
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Flexcube Universal Banking 12.4.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Banking Digital Experience 20.1
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.0.2
Oracle Financial Services Enterprise Case Management 8.0.8.1.0
Oracle Financial Services Enterprise Case Management 8.0.7.2.0
7.5
CVSSv3
CVE-2021-35516
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz pa...
Apache Commons Compress
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Flexcube Universal Banking 12.4.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Banking Digital Experience 19.1
Oracle Flexcube Universal Banking
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Primavera Unifier 20.12
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Insurance Policy Administration 11.3.0