12 matches found

CNNVD
added 2026/03/17 12:0 a.m. | 9 views

GL-iNet Comet Security Vulnerability

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of certificate verification during the initialization process when connecting to the GL-iNet site. This vulnerabili...

CVSS 6.3 | AI score 6 | EPSS 0.00332
Exploits: 0 | References: 3
OSV
added 2026/03/12 4:38 p.m. | 4 views

GHSA-XG2Q-62G2-CVCM Tinyauth's OIDC authorization codes are not bound to client on token exchange

Summary: The OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their own client credentials, obtaining tokens for users who never...

CVSS 6.5 | AI score 5.9 | EPSS 0.0025
Exploits: 1 | References: 6
Snyk
added 2024/06/06 2:26 p.m. | 4 views

Observable Timing Discrepancy

Overview: Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...

CVSS 3.7 | AI score 6.9
Exploits: 0 | References: 2
OSV
added 2020/01/27 5:15 a.m. | 5 views

CVE-2019-20428

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldlrequestcancel function mishandles a large lockcount parameter...

CVSS 7.5 | AI score 7.1 | EPSS 0.01821
Exploits: 0 | References: 4
CNVD
added 2020/01/13 12:0 a.m. | 2 views

Hospital Management System Cross-Site Scripting Vulnerability

Hospity is a cloud-based software for EMR maintenance in hospitals, clinics, labs, and pharmacies. A cross-site scripting vulnerability exists in Hospital Management System version 4.0, which stems from a lack of proper validation of client-side data in the WEB application and can be exploited by...

CVSS 6.1 | AI score 6.4 | EPSS 0.00923
Exploits: 2 | References: 1
CNVD
added 2019/06/28 12:0 a.m. | 5 views

Nippon Telegraph and Telephone Hikari Denwa Phone Home Gateway Cross-Site Scripting Vulnerability

Nippon Telegraph and Telephone Hikari Denwa Phone Home Gateway is an IP telephony service from Nippon Telegraph and Telephone for its fiber optic service subscribers. A cross-site scripting vulnerability exists in Nippon Telegraph and Telephone Hikari Denwa Phone Home Gateway. The vulnerability...

CVSS 6.1 | AI score 6.4 | EPSS 0.0089
Exploits: 0 | References: 1
IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 24 views

Security Bulletin: IBM WebSphere MQ Invalid client protocol flows could cause denial of service (CVE-2016-0379)

Summary: An invalid MQ client protocol flow could cause a memory access violation on the server which could impact other channels running in the same process. Vulnerability Details: CVEID: CVE-2016-0379 DESCRIPTION: IBM WebSphere MQ could allow an authenticated user with queue manager rights to cau...

CVSS 3.5 | AI score 0.8 | EPSS 0.00811
Exploits: 0 | Affected Software: 1
OSV
added 2014/12/25 11:59 a.m. | 3 views

UBUNTU-CVE-2014-3971

The CmdAuthenticate::authenticateX509 function in db/commands/authenticationcommands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate...

CVSS 5 | AI score 7.3 | EPSS 0.01455
Exploits: 0 | References: 4
Tenable Nessus
added 2012/01/06 12:0 a.m. | 14 views

ICCP Invalid Client Disconnect (SCADA)

Binary data 6254.prm...

AI score 7.3
Exploits: 0
UbuntuCve
added 2008/01/08 1:46 a.m. | 17 views

CVE-2007-5965

QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user...

CVSS 4.3 | AI score 5.9 | EPSS 0.0128
Exploits: 1 | References: 2
Prion
added 2007/10/09 12:17 a.m. | 15 views

Design/Logic Flaw

Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager...

CVSS 4.3 | AI score 6.9 | EPSS 0.01226
Exploits: 0 | References: 5 | Affected Software: 3
Cvelist
added 2007/02/26 8:0 p.m. | 32 views

CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...

AI score 7.8 | EPSS 0.5036
Exploits: 0 | References: 66