Vulnerabilities (CVE)

Filtered by CWE-358
Total 48 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15091 1 Powerdns 1 Authoritative 2024-11-21 5.5 MEDIUM 7.1 HIGH
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
CVE-2017-12303 1 Cisco 1 Asyncos 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943.
CVE-2016-8635 2 Mozilla, Redhat 7 Network Security Services, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
CVE-2016-3017 1 Ibm 6 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
CVE-2016-10834 1 Cpanel 1 Cpanel 2024-11-21 6.5 MEDIUM 8.8 HIGH
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
CVE-2016-10825 1 Cpanel 1 Cpanel 2024-11-21 5.5 MEDIUM 8.1 HIGH
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
CVE-2016-10229 2 Google, Linux 2 Android, Linux Kernel 2024-11-21 10.0 HIGH 9.8 CRITICAL
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
CVE-2014-4843 1 Ibm 1 Curam Social Program Management 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
CVE-2024-33510 2024-11-13 N/A 4.3 MEDIUM
AnĀ improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.
CVE-2023-39403 1 Huawei 2 Emui, Harmonyos 2024-10-09 N/A 9.1 CRITICAL
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2024-36511 1 Fortinet 1 Fortiadc 2024-09-20 N/A 3.7 LOW
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature
CVE-2024-7965 2 Google, Microsoft 2 Chrome, Edge Chromium 2024-09-18 N/A 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-40650 2024-09-12 N/A 7.8 HIGH
In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40445 1 Apple 2 Ipados, Iphone Os 2024-09-10 N/A 7.5 HIGH
The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.
CVE-2024-2174 2024-08-28 N/A 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-41907 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 N/A 5.4 MEDIUM
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.
CVE-2024-6995 1 Google 2 Android, Chrome 2024-08-07 N/A 4.7 MEDIUM
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-7003 1 Google 1 Chrome 2024-08-07 N/A 4.3 MEDIUM
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-6772 2024-08-06 N/A 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-3844 2024-08-06 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)