update-manager vulnerabilities and exploits
NA
CVE-2012-0950
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote malicious users to read repository credentials by viewing a public bug report...
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
6.5
CVSSv3
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
Vmware Cloud Foundation
Vmware Vcenter Server 7.0
NA
CVE-2010-1183
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
Sun Solaris
3 EDB exploits
NA
CVE-2013-6208
Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.
Hp Smart Update Manager 5.3.5
NA
CVE-2015-7303
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote malicious users to execute arbitrary code via a large header.
Avira Management Console
NA
CVE-2012-1612
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x prior to 2.5.4 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Joomla Joomla! 2.5.2
Joomla Joomla! 2.5.3
Joomla Joomla! 2.5.0
Joomla Joomla! 2.5.1
9.8
CVSSv3
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
NA
CVE-2014-2608
Unspecified vulnerability in HP Smart Update Manager 6.x prior to 6.4.1 on Windows, and 6.2.x up to and including 6.4.x prior to 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors.
Hpe Smart Update Manager
9.8
CVSSv3
CVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
Starwind Command Center 6864
Starwind San&nas 1578
NA
CVE-2009-1523
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x prior to 6.1.17, and 7.x up to and including 7.0.0.M2 allows remote malicious users to access arbitrary files via directory traversal sequences in the URI.
Mortbay Jetty 6.1.15
Mortbay Jetty 6.1.12
Mortbay Jetty 6.1.6
Mortbay Jetty 6.1.5
Mortbay Jetty 6.1.2
Mortbay Jetty 6.1.1
Mortbay Jetty 5.1.13
Mortbay Jetty 5.1.14
Mortbay Jetty 6.0.1
Mortbay Jetty 6.0.0
Mortbay Jetty 5.1.8
Mortbay Jetty 5.1.7
Mortbay Jetty 5.1.4
Mortbay Jetty 5.1.3
Mortbay Jetty 5.1.1
Mortbay Jetty 5.1.0
Mortbay Jetty 5.1
Mortbay Jetty 5.0.0
Mortbay Jetty 4.2.22
Mortbay Jetty 4.2.16
Mortbay Jetty 5.0
Mortbay Jetty 4.2.14
2 EDB exploits