Vulmon
reflection vulnerabilities and exploits
605
VMScore
CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
605
VMScore
CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
605
VMScore
CVE-2014-5211
Stack-based buffer overflow in the Attachmate Reflection FTP Client prior to 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.
Attachmate Reflection Ftp Client 14.1.429
605
VMScore
CVE-2009-3983
Mozilla Firefox prior to 3.0.16 and 3.5.x prior to 3.5.6, and SeaMonkey prior to 2.0.1, allows remote malicious users to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Mozilla Firefox 3.5.4
Mozilla Firefox 3.5.5
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.0.9
Mozilla Seamonkey 1.1.14
Mozilla Seamonkey 1.1.2
Mozilla Seamonkey 1.1.13
Mozilla Seamonkey 1.1
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 2.0
Mozilla Firefox 0.3
Mozilla Firefox 0.4
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9
Mozilla Firefox 0.9.3
Mozilla Firefox 1.0
Mozilla Firefox 1.0.3
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.4.1
Mozilla Firefox 1.5
Mozilla Firefox 1.5.6
605
VMScore
CVE-2009-3984
Mozilla Firefox prior to 3.0.16 and 3.5.x prior to 3.5.6, and SeaMonkey prior to 2.0.1, allows remote malicious users to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka ...
Mozilla Seamonkey 1.5.0.9
Mozilla Seamonkey 2.0
Mozilla Firefox 0.6.1
Mozilla Firefox 0.3
Mozilla Firefox 0.8
Mozilla Firefox 0.9.1
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0
Mozilla Firefox 1.0.8
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.7
Mozilla Firefox 1.5
Mozilla Firefox 2.0.0.15
Mozilla Firefox 2.0.0.16
Mozilla Firefox 2.0.0.4
Mozilla Firefox 2.0.0.5
Mozilla Firefox 2.0 .1
Mozilla Firefox 2.0 .10
605
VMScore
CVE-2009-3985
Mozilla Firefox prior to 3.0.16 and 3.5.x prior to 3.5.6, and SeaMonkey prior to 2.0.1, allows remote malicious users to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank d...
Mozilla Firefox 3.5.3
Mozilla Firefox 3.5.4
Mozilla Firefox 3.5.5
Mozilla Seamonkey 1.0.4
Mozilla Seamonkey 1.0.3
Mozilla Seamonkey 1.0.99
Mozilla Seamonkey 1.0.9
Mozilla Seamonkey 1.1.2
Mozilla Seamonkey 1.1.13
Mozilla Seamonkey 1.1
Mozilla Seamonkey 1.1.7
Mozilla Seamonkey 2.0
Mozilla Firefox 0.3
Mozilla Firefox 0.4
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0
Mozilla Firefox 1.5.0.4
Mozilla Firefox 1.4.1
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5
578
VMScore
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
578
VMScore
CVE-2006-0705
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server prior to 6.0.0.9, (2) Reflection for Secure IT Windows Server prior to 6.0 build 38, (3) F-Secure SSH Server for Windows prior to 5....
Attachmatewrq Reflection For Secure It Server 6.0
F-secure F-secure Ssh Server 3.0.0
F-secure F-secure Ssh Server 3.0.6
F-secure F-secure Ssh Server 3.0.7
F-secure F-secure Ssh Server 3.2.3
F-secure F-secure Ssh Server 5.0
F-secure F-secure Ssh Server 3.0.1
F-secure F-secure Ssh Server 3.0.8
F-secure F-secure Ssh Server 3.0.9
F-secure F-secure Ssh Server 5.1
F-secure F-secure Ssh Server 5.2
F-secure F-secure Ssh Server 3.0.2
F-secure F-secure Ssh Server 3.0.3
F-secure F-secure Ssh Server 3.1.0
F-secure F-secure Ssh Server 5.3
F-secure F-secure Ssh Server 3.0.4
F-secure F-secure Ssh Server 3.0.5
F-secure F-secure Ssh Server 3.1.0 Build9
F-secure F-secure Ssh Server 3.2.0
570
VMScore
CVE-2021-39185
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 up to and including 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 up to and including 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The ...
Typelevel Http4s
Typelevel Http4s 0.23.0
Typelevel Http4s 0.23.1
Typelevel Http4s 1.0.0
570
VMScore
CVE-2017-6519
avahi-daemon in Avahi up to and including 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote malicious users to cause a denial of service (traffic amplification) and may cause information leakage by obtain...
Avahi Avahi
Avahi Avahi 0.7
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10