Total
462 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2309 | 1 Irz | 1 Ruh2 | 2025-04-12 | 8.0 HIGH | 7.2 HIGH |
| iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2014-2718 | 2 Asus, T-mobile | 10 Rt-ac56r, Rt-ac66r, Rt-ac66u and 7 more | 2025-04-12 | 7.1 HIGH | N/A |
| ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. | |||||
| CVE-2016-2346 | 1 Allroundautomations | 1 Pl\/sql Developer | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. | |||||
| CVE-2016-3677 | 1 Huawei | 2 Hilink App, Wear App | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
| CVE-2014-5406 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2025-04-12 | 9.3 HIGH | N/A |
| The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459. | |||||
| CVE-2015-8254 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. | |||||
| CVE-2014-4883 | 1 Lwip Project | 1 Lwip | 2025-04-12 | 4.3 MEDIUM | N/A |
| resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. | |||||
| CVE-2016-4554 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | |||||
| CVE-2013-7397 | 2 Async-http-client Project, Redhat | 2 Async-http-client, Jboss Fuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. | |||||
| CVE-2016-1493 | 1 Intel | 1 Driver Update Utility | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
| Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2016-3983 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | |||||
| CVE-2016-4553 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | |||||
| CVE-2015-0251 | 5 Apache, Apple, Opensuse and 2 more | 9 Subversion, Xcode, Opensuse and 6 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | |||||
| CVE-2015-7539 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
| The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | |||||
| CVE-2021-26396 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 4.4 MEDIUM |
| Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | |||||
| CVE-2021-26403 | 1 Amd | 82 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 79 more | 2025-04-08 | N/A | 6.5 MEDIUM |
| Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. | |||||
| CVE-2022-46370 | 1 Maxum | 1 Rumpus | 2025-04-08 | N/A | 7.3 HIGH |
| Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification. | |||||
| CVE-2024-1554 | 1 Mozilla | 1 Firefox | 2025-04-02 | N/A | 9.8 CRITICAL |
| The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123. | |||||
| CVE-2023-52546 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-20570 | 1 Amd | 94 Alveo U200, Alveo U200 Firmware, Alveo U250 and 91 more | 2025-03-22 | N/A | 3.3 LOW |
| Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. | |||||