Total: 329 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2016-3016 | 1 Ibm | 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more | 2023-12-10 | 3.5 LOW | 4.4 MEDIUM | IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
CVE-2017-0563 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 9.3 HIGH | 7.8 HIGH | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.
CVE-2016-9450 | 1 Drupal | 1 Drupal | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
CVE-2015-2908 | 1 Mobile Devices | 1 C4 Obd-ii Dongle Firmware | 2023-12-10 | 9.0 HIGH | N/A | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
CVE-2013-7398 | 2 Async-http-client Project, Redhat | 2 Async-http-client, Jboss Fuse | 2023-12-10 | 4.3 MEDIUM | N/A | main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2015-8254 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM | The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.
CVE-2016-4554 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-3983 | 1 Mcafee | 1 Advanced Threat Defense | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.
CVE-2016-2346 | 1 Allroundautomations | 1 Pl/sql Developer | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH | Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.
CVE-2016-1731 | 1 Apple | 1 Software Update | 2023-12-10 | 5.0 MEDIUM | 5.9 MEDIUM | Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.
CVE-2015-7539 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 7.6 HIGH | 7.5 HIGH | The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
CVE-2016-3677 | 1 Huawei | 2 Hilink App, Wear App | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM | The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
CVE-2016-0818 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM | The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.
CVE-2015-6853 | 1 Broadcom | 1 Single Sign-on | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL | The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
CVE-2014-5406 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2023-12-10 | 9.3 HIGH | N/A | The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459.
CVE-2016-4553 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2015-4674 | 1 Timedoctor | 1 Timedoctor | 2023-12-10 | 9.3 HIGH | N/A | The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
CVE-2016-1493 | 1 Intel | 1 Driver Update Utility | 2023-12-10 | 7.6 HIGH | 7.5 HIGH | Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
CVE-2015-3908 | 1 Redhat | 1 Ansible | 2023-12-10 | 4.3 MEDIUM | N/A | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2016-2309 | 1 Irz | 1 Ruh2 | 2023-12-10 | 8.0 HIGH | 7.2 HIGH | iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.