digest vulnerabilities and exploits
NA
CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issu...
Discourse Discourse 2.9.0
Discourse Discourse
9.3
CVSSv2
CVE-2015-8892
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android prior to 2016-07-05 on Nexus 5X and 6P devices allows malicious users to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR90...
Google Android
5
CVSSv2
CVE-2014-2212
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and previous versions stores the username and MD5 digest of the password in cleartext in a cookie, which allows malicious users to obtain sensitive information by reading ...
Posh Project Posh 3.0
Posh Project Posh 2.3
Posh Project Posh 2.2.1
Posh Project Posh 2.2
Posh Project Posh 2.1
Posh Project Posh 2.2.3
Posh Project Posh 3.0.1
Posh Project Posh 3.0.3
Posh Project Posh 3.2.1
Posh Project Posh 3.0.4
Posh Project Posh 2.0
Posh Project Posh 3.1.0
Posh Project Posh
Posh Project Posh 1.5
Posh Project Posh 1.3.0
Posh Project Posh 1.1.0
Posh Project Posh 1.5.1
Posh Project Posh 1.4.2
Posh Project Posh 1.3.2
Posh Project Posh 3.1.1
Posh Project Posh 3.0.2
Posh Project Posh 3.1.2
5
CVSSv2
CVE-2014-8179
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows malicious users to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
7.5
CVSSv2
CVE-2012-1184
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x prior to 1.8.10.1 and 10.x prior to 10.2.1 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Auth...
Digium Asterisk 1.8.0
Digium Asterisk 1.8.2.2
Digium Asterisk 1.8.2.1
Digium Asterisk 1.8.3
Digium Asterisk 1.8.3.2
Digium Asterisk 1.8.4.1
Digium Asterisk 1.8.4.3
Digium Asterisk 1.8.6.0
Digium Asterisk 1.8.8.0
Digium Asterisk 1.8.9.3
Digium Asterisk 1.8.9.0
Digium Asterisk 1.8.10.0
Digium Asterisk 1.8.3.3
Digium Asterisk 1.8.4
Digium Asterisk 1.8.5
Digium Asterisk 1.8.5.0
Digium Asterisk 1.8.7.0
Digium Asterisk 1.8.7.1
Digium Asterisk 1.8.8.2
Digium Asterisk 1.8.9.1
Digium Asterisk 1.8.2.3
Digium Asterisk 1.8.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-3319
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and previous versions SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote malicious users to conduct man-in-the-middle attacks and hi...
Avaya 4602sw Ip Phone R2.2
6.4
CVSSv2
CVE-2007-3946
mod_auth (http_auth.c) in lighttpd prior to 1.4.16 allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the A...
Lighttpd Lighttpd
5
CVSSv2
CVE-2011-5062
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 does not check qop values, which might allow remote malicious users to bypass intended integrity-protection requirements via a qop=auth value,...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
6.8
CVSSv2
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories
3.5
CVSSv2
CVE-2015-1619
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x prior to 7.6.3.2, 7.5.x prior to 75.6, 7.0.x up to and including 7.0.5, 5.6, and previous versions allows remote authenticated users to inject arbitrary web s...
Mcafee Email Gateway 7.6.1
Mcafee Email Gateway 7.6.2
Mcafee Email Gateway 7.6.3
Mcafee Email Gateway 7.5
Mcafee Email Gateway 7.5.1
Mcafee Email Gateway 7.0
Mcafee Email Gateway 7.0.1
Mcafee Email Gateway 7.0.2
Mcafee Email Gateway 7.0.3
Mcafee Email Gateway 7.6
Mcafee Email Gateway 7.5.3
Mcafee Email Gateway 7.5.5
Mcafee Email Gateway 7.0.4
Mcafee Email Gateway
Mcafee Email Gateway 7.5.2
Mcafee Email Gateway 7.5.4
Mcafee Email Gateway 7.0.5