Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security manager vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-30315
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characte...
Honeywell Safety Manager Firmware -
9.8
CVSSv3
CVE-2022-20798
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote malicious user to bypass authentication...
Cisco Email Security Appliance 7.1.5
Cisco Email Security Appliance
Cisco Secure Email And Web Manager
9.8
CVSSv3
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Vmware Identity Manager 3.3.3
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Identity Manager 3.3.6
Vmware Vrealize Automation 7.6
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Cloud Foundation 4.0
Vmware Cloud Foundation 4.0.1
Vmware Vrealize Suite Lifecycle Manager 8.0
Vmware Vrealize Suite Lifecycle Manager 8.0.1
Vmware Vrealize Suite Lifecycle Manager 8.1
Vmware Vrealize Suite Lifecycle Manager 8.2
Vmware Cloud Foundation 3.0
Vmware Cloud Foundation 3.0.1
Vmware Cloud Foundation 3.0.1.1
Vmware Cloud Foundation 3.5
Vmware Cloud Foundation 3.5.1
Vmware Cloud Foundation 3.7
Vmware Cloud Foundation 3.7.1
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2022-22978
In spring security versions before 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable...
Vmware Spring Security
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Active Iq Unified Manager -
28 Github repositories
9.8
CVSSv3
CVE-2022-1388
On F5 BIG-IP 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reac...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
82 Github repositories
4 Articles
9.8
CVSSv3
CVE-2022-1292
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the ...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Clustered Data Ontap -
Netapp Smi-s Provider -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Solidfire\\, Enterprise Sds \\& Hci Storage Node -
Netapp Snapmanager -
Netapp A700s Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
7 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a ...
Owasp Enterprise Security Api
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
9.8
CVSSv3
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
171 Github repositories
7 Articles
9.8
CVSSv3
CVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Substack Minimist
4 Github repositories
9.8
CVSSv3
CVE-2022-22720
Apache HTTP Server 2.4.52 and previous versions fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
Apache Http Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Zfs Storage Appliance Kit 8.8
Apple Macos
Apple Mac Os X 10.15.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »