Total
329 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7397 | 2 Async-http-client Project, Redhat | 2 Async-http-client, Jboss Fuse | 2023-12-10 | 4.3 MEDIUM | N/A |
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. | |||||
CVE-2015-6854 | 1 Broadcom | 1 Single Sign-on | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | |||||
CVE-2014-4883 | 1 Lwip Project | 1 Lwip | 2023-12-10 | 4.3 MEDIUM | N/A |
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. | |||||
CVE-2014-0364 | 1 Igniterealtime | 1 Smack | 2023-12-10 | 5.0 MEDIUM | N/A |
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute. | |||||
CVE-2014-8165 | 1 Powerpc-utils Project | 1 Powerpc-utils | 2023-12-10 | 10.0 HIGH | N/A |
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | |||||
CVE-2015-0259 | 1 Openstack | 1 Nova | 2023-12-10 | 5.1 MEDIUM | N/A |
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. | |||||
CVE-2014-2718 | 2 Asus, T-mobile | 10 Rt-ac56r, Rt-ac66r, Rt-ac66u and 7 more | 2023-12-10 | 7.1 HIGH | N/A |
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. | |||||
CVE-2014-4936 | 1 Malwarebytes | 2 Malwarebytes Anti-exploit, Malwarebytes Anti-malware | 2023-12-10 | 9.3 HIGH | N/A |
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. | |||||
CVE-2015-0251 | 5 Apache, Apple, Opensuse and 2 more | 9 Subversion, Xcode, Opensuse and 6 more | 2023-12-10 | 4.0 MEDIUM | N/A |
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. |