| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-15801 |
345 |
|
Bypass |
2018-12-19 |
2019-01-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. |
|
2 |
CVE-2018-10626 |
345 |
|
+Info |
2018-08-10 |
2018-10-10 |
3.8 |
None |
Local Network |
Medium |
Single system |
Partial |
Partial |
None |
|
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. |
|
3 |
CVE-2018-10080 |
345 |
|
|
2018-04-13 |
2018-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. |
|
4 |
CVE-2018-7798 |
345 |
|
|
2018-11-02 |
2018-12-13 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. |
|
5 |
CVE-2017-14091 |
345 |
|
|
2017-12-15 |
2017-12-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. |
|
6 |
CVE-2017-12972 |
345 |
|
Overflow Bypass |
2017-08-20 |
2017-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. |
|
7 |
CVE-2017-12740 |
345 |
|
|
2017-12-25 |
2018-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. |
|
8 |
CVE-2017-11379 |
345 |
|
|
2017-08-01 |
2017-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. |
|
9 |
CVE-2017-11103 |
345 |
|
|
2017-07-13 |
2017-11-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. |
|
10 |
CVE-2017-10862 |
345 |
|
|
2017-10-12 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. |
|
11 |
CVE-2017-10624 |
345 |
|
|
2017-10-13 |
2017-11-02 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. |
|
12 |
CVE-2017-8201 |
345 |
|
DoS |
2017-11-22 |
2017-12-06 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. |
|
13 |
CVE-2017-7674 |
345 |
|
|
2017-08-10 |
2018-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. |
|
14 |
CVE-2017-3224 |
345 |
|
DoS |
2018-07-24 |
2018-10-04 |
4.3 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
Partial |
|
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). |
|
15 |
CVE-2017-3218 |
345 |
|
|
2017-06-21 |
2017-07-03 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. |
|
16 |
CVE-2017-2701 |
345 |
|
DoS |
2017-11-22 |
2017-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable. |
|
17 |
CVE-2017-1773 |
345 |
|
|
2018-01-31 |
2018-02-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. |
|
18 |
CVE-2017-1405 |
345 |
|
|
2018-06-08 |
2018-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. |
|
19 |
CVE-2016-9450 |
345 |
|
|
2016-11-25 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. |
|
20 |
CVE-2016-4554 |
345 |
|
Bypass |
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. |
|
21 |
CVE-2016-4553 |
345 |
|
|
2016-05-10 |
2016-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. |
|
22 |
CVE-2016-3983 |
345 |
|
Bypass |
2016-04-08 |
2016-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. |
|
23 |
CVE-2016-3677 |
345 |
|
|
2016-06-13 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. |
|
24 |
CVE-2016-3016 |
345 |
|
|
2017-02-01 |
2017-02-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. |
|
25 |
CVE-2016-2346 |
345 |
|
Exec Code |
2016-04-25 |
2016-05-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. |
|
26 |
CVE-2016-2309 |
345 |
|
DoS |
2016-05-29 |
2017-01-10 |
8.0 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Complete |
|
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. |
|
27 |
CVE-2016-1731 |
345 |
|
|
2016-03-13 |
2016-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. |
|
28 |
CVE-2016-1493 |
345 |
|
Exec Code |
2016-01-29 |
2018-10-09 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. |
|
29 |
CVE-2016-0818 |
345 |
|
|
2016-03-12 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. |
|
30 |
CVE-2015-9232 |
345 |
|
|
2017-09-20 |
2017-10-04 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application. |
|
31 |
CVE-2015-8254 |
345 |
|
|
2015-12-26 |
2015-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. |
|
32 |
CVE-2015-7539 |
345 |
|
Exec Code |
2016-02-03 |
2016-06-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. |
|
33 |
CVE-2015-6854 |
345 |
|
DoS +Info |
2016-03-23 |
2016-12-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. |
|
34 |
CVE-2015-6853 |
345 |
|
DoS +Info |
2016-03-23 |
2016-12-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. |
|
35 |
CVE-2015-4674 |
345 |
|
Exec Code |
2015-08-06 |
2018-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. |
|
36 |
CVE-2015-3908 |
345 |
|
|
2015-08-12 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
|
37 |
CVE-2015-2908 |
345 |
|
Exec Code |
2015-08-23 |
2015-08-24 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states "This was a flaw for the developer/debugging devices, and was fixed in production version about 3 years ago." |
|
38 |
CVE-2015-0259 |
345 |
|
|
2015-04-01 |
2018-11-16 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. |
|
39 |
CVE-2015-0251 |
345 |
|
|
2015-04-08 |
2018-10-30 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. |
|
40 |
CVE-2015-0008 |
345 |
|
Exec Code |
2015-02-10 |
2018-10-12 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." |
|
41 |
CVE-2014-8165 |
345 |
|
Exec Code |
2015-02-19 |
2018-01-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. |
|
42 |
CVE-2014-5406 |
345 |
|
|
2015-07-06 |
2015-07-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. NOTE: this issue might overlap CVE-2015-3459. |
|
43 |
CVE-2014-4936 |
345 |
|
Exec Code |
2014-12-16 |
2016-12-06 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. |
|
44 |
CVE-2014-4883 |
345 |
|
|
2014-11-27 |
2015-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. |
|
45 |
CVE-2014-2718 |
345 |
|
Exec Code |
2014-11-04 |
2017-08-28 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
Complete |
None |
|
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. |
|
46 |
CVE-2013-7398 |
345 |
|
|
2015-06-24 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. |
|
47 |
CVE-2013-7397 |
345 |
|
|
2015-06-24 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. |
