client side vulnerabilities and exploits

10
CVSSv2
CVE-2017-8864

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test....

NA
CVE-2019-12421

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12...

6.8
CVSSv2
CVE-2017-14013

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection...

6.8
CVSSv2
CVE-2014-3466

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a...

Gnu Gnutls
10
CVSSv2
CVE-2018-16590

FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication....

3.6
CVSSv2
CVE-2019-4133

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278....

4.3
CVSSv2
CVE-2018-12705

DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side)....

Digisol Dg-br4000ng Firmware
7.5
CVSSv2
CVE-2003-0685

Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response....

4.3
CVSSv2
CVE-2011-2800

Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site....

4.3
CVSSv2
CVE-2017-3150

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script....