Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

microsoft internet information services 8.0 vulnerabilities and exploits

(subscribe to this query)
5.1
CVSSv2
CVE-2014-4078
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote malicious users to bypass an i...
Microsoft Internet Information Services 8.5Microsoft Internet Information Services 8.0
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery JqueryDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Drupal DrupalBackdropcms BackdropFedoraproject Fedora 28Fedoraproject Fedora 29Fedoraproject Fedora 30Opensuse Leap 15.1Opensuse Backports Sle 15.0Netapp Snapcenter -Netapp Oncommand System ManagerRedhat Cloudforms 4.7Redhat Virtualization Manager 4.3Oracle Service Bus 12.1.3.0.0Oracle Primavera Unifier 16.2Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Weblogic Server 12.1.3.0.0Oracle Service Bus 11.1.1.9.0Oracle Jdeveloper 11.1.1.9.0Oracle Primavera Unifier 16.1
4.3
CVSSv2
CVE-2015-4000
The TLS protocol 1.2 and previous versions, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle malicious users to conduct cipher-downgrade attacks by rewriting a ClientHello with D...
Openssl OpensslCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04Hp Hp-ux B.11.31Ibm Content Manager 8.5Oracle Jrockit R28.3.6Debian Debian Linux 8.0Debian Debian Linux 7.0Oracle Jdk 1.8.0Oracle Jre 1.7.0Oracle Jre 1.6.0Oracle Jre 1.8.0Oracle Jdk 1.7.0Oracle Jdk 1.6.0Suse Linux Enterprise Server 11.0Suse Linux Enterprise Software Development Kit 12Suse Linux Enterprise Desktop 12Suse Suse Linux Enterprise Server 12Apple Mac Os XApple Iphone Os
5.8
CVSSv2
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0Apache Http ServerOpenssl OpensslGnu GnutlsMozilla NssDebian Debian Linux 5.0Canonical Ubuntu Linux 10.10Fedoraproject Fedora 11Fedoraproject Fedora 13Debian Debian Linux 4.0Debian Debian Linux 8.0Debian Debian Linux 7.0Canonical Ubuntu Linux 9.04Debian Debian Linux 6.0Fedoraproject Fedora 12Canonical Ubuntu Linux 8.04Canonical Ubuntu Linux 10.04Canonical Ubuntu Linux 8.10Canonical Ubuntu Linux 9.10Fedoraproject Fedora 14F5 Nginx
7.5
CVSSv2
CVE-2020-11651
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user toke...
Saltstack SaltOpensuse Leap 15.1Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 16.04Vmware Application Remote Collector 8.0.0Vmware Application Remote Collector 7.5.0
4
CVSSv2
CVE-2020-11652
An issue exists in SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Saltstack SaltOpensuse Leap 15.1Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 16.04Blackberry Workspaces Server 9.1.0Blackberry Workspaces ServerVmware Application Remote Collector 8.0.0Vmware Application Remote Collector 7.5.0
4
CVSSv2
CVE-2015-7850
ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
Ntp NtpNtp Ntp 4.2.8Debian Debian Linux 7.0Debian Debian Linux 8.0Debian Debian Linux 9.0Netapp Oncommand Balance -Netapp Oncommand Performance Manager -Netapp Oncommand Unified Manager -Netapp Clustered Data Ontap -Netapp Data Ontap -
4
CVSSv2
CVE-2015-7855
The decodenetnum function in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
Ntp NtpNtp Ntp 4.2.8Debian Debian Linux 7.0Debian Debian Linux 8.0Debian Debian Linux 9.0Netapp Oncommand Balance -Netapp Oncommand Performance Manager -Netapp Oncommand Unified Manager -Netapp Clustered Data Ontap -Netapp Data Ontap -Siemens Tim 4r-ie FirmwareSiemens Tim 4r-ie Dnp3 Firmware
7.5
CVSSv2
CVE-2015-7871
Crypto-NAK packets in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to bypass authentication.
Ntp Ntp 4.2.5Ntp NtpNtp Ntp 4.2.8Debian Debian Linux 7.0Debian Debian Linux 8.0Debian Debian Linux 9.0Netapp Oncommand Balance -Netapp Oncommand Performance Manager -Netapp Oncommand Unified Manager -Netapp Clustered Data Ontap -Netapp Data Ontap -
6.8
CVSSv2
CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a might allow remote malicious users to cause a denial of service (memory corruption and applica...
Openssl Openssl 1.0.1jOpenssl Openssl 1.0.0nOpenssl Openssl 1.0.0cOpenssl Openssl 1.0.0iOpenssl Openssl 1.0.1hOpenssl Openssl 1.0.0mOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.0hOpenssl Openssl 1.0.0eOpenssl Openssl 1.0.0fOpenssl Openssl 1.0.0dOpenssl Openssl 1.0.0jOpenssl Openssl 1.0.0pOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.0oOpenssl Openssl 1.0.1dOpenssl Openssl 1.0.0kOpenssl Openssl 1.0.1kOpenssl Openssl 1.0.0Openssl Openssl 1.0.1bOpenssl Openssl 1.0.1e
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook