Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
acl vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-12254
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented acces...
Gok Smartbox 4 Lan Firmware
Gok Smartbox 4 Lan Pro Firmware
Tecson Lx-q-net Firmware
Tecson Lx-net Firmware
Tecson E-litro Net Firmware
10
CVSSv2
CVE-2020-8010
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Broadcom Unified Infrastructure Management
Broadcom Unified Infrastructure Management 20.1
1 Github repository
10
CVSSv2
CVE-2019-10509
Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM...
Qualcomm Msm8909w Firmware -
Qualcomm Msm8996au Firmware -
Qualcomm Qca6574au Firmware -
Qualcomm Qcs405 Firmware -
Qualcomm Qcs605 Firmware -
Qualcomm Sd 425 Firmware -
Qualcomm Sd 427 Firmware -
Qualcomm Sd 430 Firmware -
Qualcomm Sd 435 Firmware -
Qualcomm Sd 439 Firmware -
Qualcomm Sd 429 Firmware -
Qualcomm Sd 450 Firmware -
Qualcomm Sd 625 Firmware -
Qualcomm Sd 632 Firmware -
Qualcomm Sd 636 Firmware -
Qualcomm Sd 665 Firmware -
Qualcomm Sd 675 Firmware -
Qualcomm Sd 712 Firmware -
Qualcomm Sd 710 Firmware -
Qualcomm Sd 670 Firmware -
Qualcomm Sd 730 Firmware -
Qualcomm Sd 820 Firmware -
2 Articles
10
CVSSv2
CVE-2017-12786
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are appli...
Noviflow Noviware
1 EDB exploit
10
CVSSv2
CVE-2017-12787
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are ap...
Noviflow Noviware
1 EDB exploit
10
CVSSv2
CVE-2016-3955
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel prior to 4.5.3 allows remote malicious users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Linux Linux Kernel
Debian Debian Linux 8.0
1 Github repository
10
CVSSv2
CVE-2012-2974
The web interface on the SMC SMC8024L2 switch allows remote malicious users to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) sec...
Smc Smc8024l2 Switch
10
CVSSv2
CVE-2007-2815
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote malicious users to bypass NTLM and basic authentication mechanisms and access private web dire...
Microsoft Internet Information Services 5.0
1 EDB exploit
10
CVSSv2
CVE-2005-2700
ssl_engine_kernel.c in mod_ssl prior to 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote malicious users to bypass intende...
Apache Http Server
Debian Debian Linux 3.1
Debian Debian Linux 3.0
Canonical Ubuntu Linux 4.10
Canonical Ubuntu Linux 5.04
10
CVSSv2
CVE-2005-0194
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote malicious users to bypass intended ACLs if the administrator ...
Squid Squid 2.0.release
Squid Squid 2.1.patch1
Squid Squid 2.2.pre1
Squid Squid 2.2.pre2
Squid Squid 2.3.devel3
Squid Squid 2.3.stable1
Squid Squid 2.4.stable3
Squid Squid 2.4.stable4
Squid Squid 2.5.stable6
Squid Squid 2.0.patch2
Squid Squid 2.0.pre1
Squid Squid 2.1.release
Squid Squid 2.2.devel3
Squid Squid 2.2.devel4
Squid Squid 2.2.stable5
Squid Squid 2.3.devel2
Squid Squid 2.4.stable1
Squid Squid 2.4.stable2
Squid Squid 2.5.stable4
Squid Squid 2.5.stable5
Squid Squid 2.1.patch2
Squid Squid 2.1.pre1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »