Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-0202
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these ...
Apache Storm 0.9.1
Apache Storm 0.9.2
Apache Storm
9.8
CVSSv3
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
Apache Storm
6.5
CVSSv3
CVE-2019-0046
A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of Juniper Networks Junos OS allows an malicious user to cause a Denial of Service (DoS) to the EX4300 when specific valid broadcast packets create a broadcast storm condition when received on the me0 interface of ...
Juniper Junos 16.1
Juniper Junos 17.1
Juniper Junos 17.2
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
Juniper Junos 18.2
8.8
CVSSv3
CVE-2019-12775
An issue exists on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the ...
Enttec Datagate Mk2 Firmware 70044
Enttec Storm 24 Firmware 70044
Enttec Pixelator Firmware 70044
Enttec E-streamer Mk2 Firmware 70044
9.8
CVSSv3
CVE-2019-12776
An issue exists on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardc...
Enttec Datagate Mk2 Firmware 70044
Enttec Storm 24 Firmware 70044
Enttec Pixelator Firmware 70044
Enttec E-streamer Mk2 Firmware 70044
7.8
CVSSv3
CVE-2019-12777
An issue exists on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute d...
Enttec Datagate Mk2 Firmware 70044
Enttec Storm 24 Firmware 70044
Enttec Pixelator Firmware 70044
Enttec E-streamer Mk2 Firmware 70044
7.5
CVSSv3
CVE-2019-6542
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.
Enttec Datagate Mk2 Firmware
Enttec Storm 24 Firmware
Enttec Pixelator Firmware
6.5
CVSSv3
CVE-2018-0054
On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following l...
Juniper Junos 14.1x53
Juniper Junos 15.1
Juniper Junos 15.1x53
Juniper Junos 16.1
Juniper Junos 16.2
Juniper Junos 17.1
Juniper Junos 17.2
Juniper Junos 17.2x75
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
6.5
CVSSv3
CVE-2018-0029
While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and...
Juniper Junos 15.1
Juniper Junos 15.1x49
Juniper Junos 15.1x53
Juniper Junos 16.1
Juniper Junos 16.2
Juniper Junos 17.1
Juniper Junos 17.2x75
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 17.2
8.8
CVSSv3
CVE-2018-1331
In Apache Storm 0.10.0 up to and including 0.10.2, 1.0.0 up to and including 1.0.6, 1.1.0 up to and including 1.1.2, and 1.2.0 up to and including 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Apache Storm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »