Vulmon
client side vulnerabilities and exploits
1000
VMScore
CVE-2002-0005
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote malicious users to execute arbitrary code via a long argument in a game request (AddGame).
Aol Instant Messenger 4.5
Aol Instant Messenger 4.3
Aol Instant Messenger 4.6
Aol Instant Messenger 4.3.2229
Aol Instant Messenger 4.8.2616
Aol Instant Messenger 4.7
Aol Instant Messenger 4.7.2480
Aol Instant Messenger 4.4
1 EDB exploit
591
VMScore
CVE-2019-6111
An issue exists in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are...
Openbsd Openssh
Winscp Winscp
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Fedoraproject Fedora 30
Apache Mina Sshd 2.2.0
2 EDB exploits
3 Github repositories
1 Article
NA
CVE-2024-32512
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality. This issue affects weForms: from n/a up to and including 1.6.20.
890
VMScore
CVE-2017-8864
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows a malicious user to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.
Cohuhd 3960hd Firmware -
NA
CVE-2024-32521
Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a up to and including 5.5.6.
NA
CVE-2023-42787
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and prior to 7.2.3 and FortiAnalyzer version 7.4.0 and prior to 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client sid...
Fortinet Fortianalyzer
Fortinet Fortimanager
Fortinet Fortianalyzer 7.4.0
Fortinet Fortimanager 7.4.0
668
VMScore
CVE-2021-43355
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or...
Fresenius-kabi Vigilant Centerium 1.0
Fresenius-kabi Vigilant Mastermed 1.0
Fresenius-kabi Vigilant Insight 1.0
Fresenius-kabi Agilia Partner Maintenance Software
Fresenius-kabi Agilia Connect Firmware
Fresenius-kabi Link+ Agilia Firmware
Fresenius-kabi Link+ Agilia Firmware 3.0
605
VMScore
CVE-2017-14013
A Client-Side Enforcement of Server-Side Security issue exists in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow a malicious user to bypass protection mechanisms, ...
Prominent Multiflex M10a Controller Firmware
578
VMScore
CVE-2019-12421
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hou...
Apache Nifi
750
VMScore
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote malicious users to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Cavium Nitrox V Ssl Sdk
Cavium Nitrox Ssl Sdk
Cavium Turbossl Sdk
Cavium Octeon Ssl Sdk
Cavium Octeon Sdk
Cisco Webex Meetings T31
Cisco Webex Meetings T32
Cisco Webex Conect Im 7.24.1
Cisco Ace4710 Application Control Engine Firmware 3.0(0)a5(2.0)
Cisco Ace4710 Application Control Engine Firmware 3.0(0)a5(3.0)
Cisco Ace4710 Application Control Engine Firmware 3.0(0)a5(3.5)
Cisco Ace30 Application Control Engine Module Firmware 3.0(0)a5(2.0)
Cisco Ace30 Application Control Engine Module Firmware 3.0(0)a5(3.0)
Cisco Ace30 Application Control Engine Module Firmware 3.0(0)a5(3.5)
Cisco Adaptive Security Appliance 5520 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5540 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5550 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5510 Firmware 9.1(7.16)
Cisco Adaptive Security Appliance 5505 Firmware 9.1(7.16)