Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digest vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-24020
A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 up to and including 6.4.4, and 6.2.0 up to and including 6.2.7 may allow an unauthenticated malicious user to tamper with signed URLs by appending further data which allows bypass o...
Fortinet Fortimail
NA
CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issu...
Discourse Discourse 2.9.0
Discourse Discourse
828
VMScore
CVE-2015-8892
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android prior to 2016-07-05 on Nexus 5X and 6P devices allows malicious users to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR90...
Google Android
445
VMScore
CVE-2014-2212
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and previous versions stores the username and MD5 digest of the password in cleartext in a cookie, which allows malicious users to obtain sensitive information by reading ...
Posh Project Posh 3.0
Posh Project Posh 2.3
Posh Project Posh 2.2.1
Posh Project Posh 2.2
Posh Project Posh 2.1
Posh Project Posh 2.2.3
Posh Project Posh 3.0.1
Posh Project Posh 3.0.3
Posh Project Posh 3.2.1
Posh Project Posh 3.0.4
Posh Project Posh 2.0
Posh Project Posh 3.1.0
Posh Project Posh
Posh Project Posh 1.5
Posh Project Posh 1.3.0
Posh Project Posh 1.1.0
Posh Project Posh 1.5.1
Posh Project Posh 1.4.2
Posh Project Posh 1.3.2
Posh Project Posh 3.1.1
Posh Project Posh 3.0.2
Posh Project Posh 3.1.2
445
VMScore
CVE-2014-8179
Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows malicious users to inject new attributes in a JSON object and bypass pull-by-digest validation.
Docker Cs Engine
Docker Docker
Opensuse Opensuse 13.2
NA
CVE-2024-37032
Ollama prior to 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
570
VMScore
CVE-2007-3946
mod_auth (http_auth.c) in lighttpd prior to 1.4.16 allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the A...
Lighttpd Lighttpd
668
VMScore
CVE-2007-3319
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and previous versions SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote malicious users to conduct man-in-the-middle attacks and hi...
Avaya 4602sw Ip Phone R2.2
755
VMScore
CVE-2012-1184
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x prior to 1.8.10.1 and 10.x prior to 10.2.1 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Auth...
Digium Asterisk 1.8.0
Digium Asterisk 1.8.2.2
Digium Asterisk 1.8.2.1
Digium Asterisk 1.8.3
Digium Asterisk 1.8.3.2
Digium Asterisk 1.8.4.1
Digium Asterisk 1.8.4.3
Digium Asterisk 1.8.6.0
Digium Asterisk 1.8.8.0
Digium Asterisk 1.8.9.3
Digium Asterisk 1.8.9.0
Digium Asterisk 1.8.10.0
Digium Asterisk 1.8.3.3
Digium Asterisk 1.8.4
Digium Asterisk 1.8.5
Digium Asterisk 1.8.5.0
Digium Asterisk 1.8.7.0
Digium Asterisk 1.8.7.1
Digium Asterisk 1.8.8.2
Digium Asterisk 1.8.9.1
Digium Asterisk 1.8.2.3
Digium Asterisk 1.8.3.1
1 EDB exploit
606
VMScore
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »