Vulmon
reflection vulnerabilities and exploits
5
CVSSv2
CVE-2015-2984
I-O DATA DEVICE WN-G54/R2 routers with firmware prior to 1.03 and NP-BBRS routers allow remote malicious users to cause a denial of service (SSDP reflection) via UPnP requests.
Iodata Wn-g54/r2 Firmware
5
CVSSv2
CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP prior to 4.2.7p26 allows remote malicious users to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Opensuse Opensuse 11.4
Ntp Ntp 4.2.7
Ntp Ntp
Oracle Linux 6
Oracle Linux 7
1 EDB exploit
9 Github repositories
5
CVSSv2
CVE-2011-2483
crypt_blowfish prior to 1.1, as used in PHP prior to 5.3.7 on certain platforms, PostgreSQL prior to 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent malicious users to determine a cleartext password by leveraging k...
Php Php
Postgresql Postgresql
Openwall Crypt Blowfish
1 Github repository
5
CVSSv2
CVE-2011-3182
PHP prior to 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveragi...
Php Php 4.3.3
Php Php 4.3.6
Php Php 4.4.6
Php Php 4.4.7
Php Php 4.3.9
Php Php 5.2.8
Php Php 4.4.0
Php Php 5.0.4
Php Php 5.2.9
Php Php 5.0.0
Php Php 5.1.6
Php Php 5.2.0
Php Php 2.0b10
Php Php 2.0
Php Php 3.0.11
Php Php 3.0.10
Php Php 3.0.3
Php Php 3.0.15
Php Php 3.0.7
Php Php 3.0.8
Php Php 4.0
Php Php 4.0.6
1 EDB exploit
4.3
CVSSv2
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 up to and including 5.2 may permit a nearby man-in-the-middle malicious user to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the au...
Bluetooth Bluetooth Core Specification
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Linux Linux Kernel
Intel Ax210 Firmware -
Intel Ax201 Firmware -
Intel Ax200 Firmware -
Intel Ac 9560 Firmware -
Intel Ac 9462 Firmware -
Intel Ac 9461 Firmware -
Intel Ac 9260 Firmware -
Intel Ac 8265 Firmware -
Intel Ac 8260 Firmware -
Intel Ac 3168 Firmware -
Intel Ac 7265 Firmware -
Intel Ac 3165 Firmware -
Intel Ax1675 Firmware -
Intel Ax1650 Firmware -
Intel Ac 1550 Firmware -
4.3
CVSSv2
CVE-2020-8160
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a...
Mendix Mendixsso
4.3
CVSSv2
CVE-2020-4038
GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-htm...
Prisma Graphql-playground-html
Prisma Graphql-playground-middleware-express
Prisma Graphql-playground-middleware-hapi
Prisma Graphql-playground-middleware-koa
Prisma Graphql-playground-middleware-lambda
4 Github repositories
4.3
CVSSv2
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whos...
Isc Bind
Isc Bind 9.12.4
Isc Bind 9.11.7
Isc Bind 9.11.3
Isc Bind 9.11.6
Isc Bind 9.10.5
Isc Bind 9.11.5
Isc Bind 9.9.3
Isc Bind 9.10.7
Isc Bind 9.11.8
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
3 Github repositories
4.3
CVSSv2
CVE-2019-5286
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users into clicking them. Successful exploit could allow the malicious user to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.
Huawei Hedex Lite
4.3
CVSSv2
CVE-2019-9494
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Synology Radius Server 3.0
Synology Router Manager
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
1 Article