Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
client side vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 ...
Apache Nifi Registry
750
VMScore
CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote malicious users to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Cavium Octeon Sdk
Cavium Nitrox V Ssl Sdk
Cavium Nitrox Ssl Sdk
Cavium Octeon Ssl Sdk
Cavium Turbossl Sdk
Cisco Webex Meetings T31
Cisco Webex Conect Im 7.24.1
Cisco Webex Meetings T32
Cisco Ace4710 Application Control Engine Firmware 3.0\\(0\\)a5\\(3.0\\)
Cisco Ace4710 Application Control Engine Firmware 3.0\\(0\\)a5\\(3.5\\)
Cisco Ace4710 Application Control Engine Firmware 3.0\\(0\\)a5\\(2.0\\)
Cisco Ace30 Application Control Engine Module Firmware 3.0\\(0\\)a5\\(3.0\\)
Cisco Ace30 Application Control Engine Module Firmware 3.0\\(0\\)a5\\(3.5\\)
Cisco Ace30 Application Control Engine Module Firmware 3.0\\(0\\)a5\\(2.0\\)
Cisco Adaptive Security Appliance 5520 Firmware 9.1\\(7.16\\)
Cisco Adaptive Security Appliance 5540 Firmware 9.1\\(7.16\\)
Cisco Adaptive Security Appliance 5550 Firmware 9.1\\(7.16\\)
Cisco Adaptive Security Appliance 5510 Firmware 9.1\\(7.16\\)
Cisco Adaptive Security Appliance 5505 Firmware 9.1\\(7.16\\)
591
VMScore
CVE-2019-6111
An issue exists in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are...
Openbsd Openssh
Winscp Winscp
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Fedoraproject Fedora 30
Apache Mina Sshd 2.2.0
2 EDB exploits
3 Github repositories
1 Article
NA
CVE-2023-0581
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. T...
Lcweb Privatecontent
NA
CVE-2023-36535
Client-side enforcement of server-side security in Zoom clients prior to 5.14.10 may allow an authenticated user to enable information disclosure via network access.
Zoom Zoom
Zoom Virtual Desktop Infrastructure
Zoom Rooms
NA
CVE-2023-39218
Client-side enforcement of server-side security in Zoom clients prior to 5.14.10 may allow a privileged user to enable information disclosure via network access.
Zoom Zoom
Zoom Virtual Desktop Infrastructure
Zoom Rooms
1000
VMScore
CVE-2006-0230
Symantec Scan Engine 5.0.0.24, and possibly other versions prior to 5.1.0.7, uses a client-side check to verify a password, which allows remote malicious users to gain administrator privileges via a modified client that sends certain XML requests.
Symantec Antivirus Scan Engine 5.0.0.24
1 EDB exploit
505
VMScore
CVE-2017-3730
In OpenSSL 1.1.0 prior to 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
Openssl Openssl 1.1.0c
Openssl Openssl 1.1.0
Openssl Openssl 1.1.0b
Openssl Openssl 1.1.0a
Oracle Agile Engineering Data Management 6.2.0
Oracle Jd Edwards World Security A9.2
Oracle Communications Eagle Lnp Application Processor 10.1
Oracle Communications Application Session Controller 3.7.1
Oracle Jd Edwards World Security A9.4
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Oracle Agile Engineering Data Management 6.1.3
Oracle Jd Edwards World Security A9.1
Oracle Jd Edwards World Security A9.3
Oracle Communications Eagle Lnp Application Processor 10.0
Oracle Communications Eagle Lnp Application Processor 10.2
Oracle Communications Application Session Controller 3.8.0
1 EDB exploit
1 Github repository
1 Article
641
VMScore
CVE-2020-17024
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012
Microsoft Windows 10 -
Microsoft Windows 10 1803
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 1903
Microsoft Windows 10 1903
Microsoft Windows Server 2016 1909
Microsoft Windows 10 1909
Microsoft Windows 10 2004
Microsoft Windows Server 2016 2004
Microsoft Windows 10 20h2
Microsoft Windows Server 2016 20h2
578
VMScore
CVE-2021-45891
An issue exists in Softwarebuero Zauner ARC 4.2.0.4., that allows malicious users to escalate privileges within the application, since all permission checks are done client-side, not server-side.
Zauner Arc 4.2.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »