digest vulnerabilities and exploits
NA
CVE-2010-2978
Cisco Unified Wireless Network (UWN) Solution 7.x prior to 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote malicious users to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.
Cisco Unified Wireless Network Solution Software 7.0
Cisco Unified Wireless Network Solution Software 7.0.98.0
5.5
CVSSv3
CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issu...
Discourse Discourse 2.9.0
Discourse Discourse
7.8
CVSSv3
CVE-2015-8892
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android prior to 2016-07-05 on Nexus 5X and 6P devices allows malicious users to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR90...
Google Android
NA
CVE-2014-2212
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and previous versions stores the username and MD5 digest of the password in cleartext in a cookie, which allows malicious users to obtain sensitive information by reading ...
Posh Project Posh 3.0
Posh Project Posh 2.3
Posh Project Posh 2.2.1
Posh Project Posh 2.2
Posh Project Posh 2.1
Posh Project Posh 2.2.3
Posh Project Posh 3.0.1
Posh Project Posh 3.0.3
Posh Project Posh 3.2.1
Posh Project Posh 3.0.4
Posh Project Posh 2.0
Posh Project Posh 3.1.0
Posh Project Posh
Posh Project Posh 1.5
Posh Project Posh 1.3.0
Posh Project Posh 1.1.0
Posh Project Posh 1.5.1
Posh Project Posh 1.4.2
Posh Project Posh 1.3.2
Posh Project Posh 3.1.1
Posh Project Posh 3.0.2
Posh Project Posh 3.1.2
7.5
CVSSv3
CVE-2014-8179
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows malicious users to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
NA
CVE-2024-37032
Ollama prior to 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
NA
CVE-2007-3319
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and previous versions SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote malicious users to conduct man-in-the-middle attacks and hi...
Avaya 4602sw Ip Phone R2.2
NA
CVE-2007-3946
mod_auth (http_auth.c) in lighttpd prior to 1.4.16 allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the A...
Lighttpd Lighttpd
NA
CVE-2012-1184
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x prior to 1.8.10.1 and 10.x prior to 10.2.1 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Auth...
Digium Asterisk 1.8.0
Digium Asterisk 1.8.2.2
Digium Asterisk 1.8.2.1
Digium Asterisk 1.8.3
Digium Asterisk 1.8.3.2
Digium Asterisk 1.8.4.1
Digium Asterisk 1.8.4.3
Digium Asterisk 1.8.6.0
Digium Asterisk 1.8.8.0
Digium Asterisk 1.8.9.3
Digium Asterisk 1.8.9.0
Digium Asterisk 1.8.10.0
Digium Asterisk 1.8.3.3
Digium Asterisk 1.8.4
Digium Asterisk 1.8.5
Digium Asterisk 1.8.5.0
Digium Asterisk 1.8.7.0
Digium Asterisk 1.8.7.1
Digium Asterisk 1.8.8.2
Digium Asterisk 1.8.9.1
Digium Asterisk 1.8.2.3
Digium Asterisk 1.8.3.1
1 EDB exploit
8.1
CVSSv3
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories