Vulmon
digest vulnerabilities and exploits
6.8
CVSSv2
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions prior to 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
Embedthis Appweb
3 Github repositories
3.5
CVSSv2
CVE-2015-1619
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x prior to 7.6.3.2, 7.5.x prior to 75.6, 7.0.x up to and including 7.0.5, 5.6, and previous versions allows remote authenticated users to inject arbitrary web s...
Mcafee Email Gateway 7.6.1
Mcafee Email Gateway 7.6.2
Mcafee Email Gateway 7.6.3
Mcafee Email Gateway 7.5
Mcafee Email Gateway 7.5.1
Mcafee Email Gateway 7.0
Mcafee Email Gateway 7.0.1
Mcafee Email Gateway 7.0.2
Mcafee Email Gateway 7.0.3
Mcafee Email Gateway 7.6
Mcafee Email Gateway 7.5.3
Mcafee Email Gateway 7.5.5
Mcafee Email Gateway 7.0.4
Mcafee Email Gateway
Mcafee Email Gateway 7.5.2
Mcafee Email Gateway 7.5.4
Mcafee Email Gateway 7.0.5
5
CVSSv2
CVE-2011-5062
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.12 does not check qop values, which might allow remote malicious users to bypass intended integrity-protection requirements via a qop=auth value,...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
5
CVSSv2
CVE-2022-24773
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification w...
Digitalbazaar Forge
5
CVSSv2
CVE-2009-3086
A certain algorithm in Ruby on Rails 2.1.0 up to and including 2.2.2, and 2.3.x prior to 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote malicious users to forge a digest via multiple attempts.
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.3.3
NA
CVE-2022-48686
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors. We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of...
Linux Linux Kernel
5
CVSSv2
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not app...
Apache Directory Studio 2.0.0
Apache Directory Studio
7.5
CVSSv2
CVE-2010-4300
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 up to and including 1.2.12 and 1.4.0 up to and including 1.4.1 allows remote malicious users to cause a denial of service (crash) and possibly...
Wireshark Wireshark 1.2.9
Wireshark Wireshark 1.2.10
Wireshark Wireshark 1.2.6
Wireshark Wireshark 1.2.1
Wireshark Wireshark 1.2.3
Wireshark Wireshark 1.2.4
Wireshark Wireshark 1.2.12
Wireshark Wireshark 1.4.0
Wireshark Wireshark 1.2.0
Wireshark Wireshark 1.2.7
Wireshark Wireshark 1.4.1
Wireshark Wireshark 1.2.8
Wireshark Wireshark 1.2.5
Wireshark Wireshark 1.2.2
Wireshark Wireshark 1.2.11
1 EDB exploit
6
CVSSv2
CVE-2020-11061
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This...
Bareos Bareos
Bareos Bareos 18.2.4
Debian Debian Linux 9.0
4
CVSSv2
CVE-2021-41190
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat...
Linuxfoundation Open Container Initiative Image Format Specification
Linuxfoundation Open Container Initiative Distribution Specification
Fedoraproject Fedora 34
Fedoraproject Fedora 35