Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-0862

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Jun, 2012 | 20:00
Updated At-06 Aug, 2024 | 18:38
Rejected At-
Credits

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Jun, 2012 | 20:00
Updated At:06 Aug, 2024 | 18:38
Rejected At:
▼CVE Numbering Authority (CNA)

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id?1027050
vdb-entry
x_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2012/05/09/5
mailing-list
x_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
vendor-advisory
x_refsource_FEDORA
http://www.osvdb.org/81774
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/attachment.cgi?id=583311
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2013-1302.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=790940
x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
vendor-advisory
x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2012/05/10/2
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/53720
vdb-entry
x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
vendor-advisory
x_refsource_MANDRIVA
http://www.xinetd.org/#changes
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1027050
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/09/5
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.osvdb.org/81774
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=583311
Resource:
x_refsource_MISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1302.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=790940
Resource:
x_refsource_MISC
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/10/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/53720
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.xinetd.org/#changes
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id?1027050
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.openwall.com/lists/oss-security/2012/05/09/5
mailing-list
x_refsource_MLIST
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.osvdb.org/81774
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
vdb-entry
x_refsource_XF
x_transferred
https://bugzilla.redhat.com/attachment.cgi?id=583311
x_refsource_MISC
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1302.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=790940
x_refsource_MISC
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.openwall.com/lists/oss-security/2012/05/10/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/53720
vdb-entry
x_refsource_BID
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.xinetd.org/#changes
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1027050
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/09/5
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.osvdb.org/81774
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=583311
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1302.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=790940
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/10/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/53720
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.xinetd.org/#changes
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Jun, 2012 | 20:55
Updated At:29 Apr, 2026 | 01:13

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches

xinetd
xinetd
>>xinetd>>Versions up to 2.3.14(inclusive)
cpe:2.3:a:xinetd:xinetd:*:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.5
cpe:2.3:a:xinetd:xinetd:2.3.5:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.6
cpe:2.3:a:xinetd:xinetd:2.3.6:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.7
cpe:2.3:a:xinetd:xinetd:2.3.7:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.8
cpe:2.3:a:xinetd:xinetd:2.3.8:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.9
cpe:2.3:a:xinetd:xinetd:2.3.9:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.10
cpe:2.3:a:xinetd:xinetd:2.3.10:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.11
cpe:2.3:a:xinetd:xinetd:2.3.11:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.12
cpe:2.3:a:xinetd:xinetd:2.3.12:*:*:*:*:*:*:*
xinetd
xinetd
>>xinetd>>2.3.13
cpe:2.3:a:xinetd:xinetd:2.3.13:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-1302.htmlsecalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/05/09/5secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/05/10/2secalert@redhat.com
N/A
http://www.osvdb.org/81774secalert@redhat.com
N/A
http://www.securityfocus.com/bid/53720secalert@redhat.com
N/A
http://www.securitytracker.com/id?1027050secalert@redhat.com
N/A
http://www.xinetd.org/#changessecalert@redhat.com
N/A
https://bugzilla.redhat.com/attachment.cgi?id=583311secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=790940secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/75965secalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-1302.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:155af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/05/09/5af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/05/10/2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/81774af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/53720af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1027050af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.xinetd.org/#changesaf854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/attachment.cgi?id=583311af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=790940af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/75965af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1302.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/09/5
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/10/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.osvdb.org/81774
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/53720
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027050
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.xinetd.org/#changes
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=583311
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=790940
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081446.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1302.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:155
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/09/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/05/10/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/81774
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/53720
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027050
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.xinetd.org/#changes
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/attachment.cgi?id=583311
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=790940
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/75965
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

115Records found

CVE-2006-1729
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.23% / 80.62%
||
7 Day CHG~0.00%
Published-14 Apr, 2006 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla Corporation
Product-firefoxmozilla_suiteubuntu_linuxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5284
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.4||HIGH
EPSS-2.37% / 81.78%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-9414
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 42.78%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6465
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.56% / 72.15%
||
7 Day CHG~0.00%
Published-14 Dec, 2016 | 00:37
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of the following Cisco products: Cisco Email Security Appliances (ESAs) that are configured to use message or content filters that scan incoming email attachments; Cisco Web Security Appliances (WSAs) that are configured to use services that scan accessed web content. More Information: CSCva90076, CSCvb06764. Known Affected Releases: 10.0.0-125 8.5.7-042 9.7.2-047.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_applianceCisco AsyncOS
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.43% / 91.74%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

Action-Not Available
Vendor-lightbendplayframeworkn/aThe Netty Project
Product-play_frameworknettyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23998
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.58% / 43.31%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-cameraandroidSamsung Camera
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
CVE-2015-2412
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.85% / 96.81%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0626
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.08% / 60.96%
||
7 Day CHG~0.00%
Published-19 Feb, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21687
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.00% / 58.66%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 11:56
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command injection in gh-ost

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.

Action-Not Available
Vendor-n/aGitHub, Inc.
Product-gh-ostn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3352
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.82% / 84.86%
||
7 Day CHG~0.00%
Published-30 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cloud_portaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2146
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 65.88%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosios_xen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3310
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.20% / 64.53%
||
7 Day CHG~0.00%
Published-10 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_serverwebex_meeting_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1369
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.99% / 58.17%
||
7 Day CHG~0.00%
Published-01 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0034
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-7.41% / 93.68%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.
Product-jboss_enterprise_application_platformcxfn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0033
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-9.89% / 94.99%
||
7 Day CHG~0.00%
Published-26 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4059
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 66.14%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13750
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.21% / 80.40%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

Action-Not Available
Vendor-Canonical Ltd.Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36006
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.75% / 75.15%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) are affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-665
Improper Initialization
CVE-2019-13707
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 36.05%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36014
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.86% / 76.72%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsmedia_encoderMedia Encoder
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-34322
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-1.15% / 63.11%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2021-31412
Matching Score-4
Assigner-Vaadin Ltd.
ShareView Details
Matching Score-4
Assigner-Vaadin Ltd.
CVSS Score-5.3||MEDIUM
EPSS-1.32% / 67.30%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 11:33
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.

Action-Not Available
Vendor-vaadinVaadin
Product-flowvaadinflow-serverVaadin
CWE ID-CWE-1295
Debug Messages Revealing Unnecessary Information
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.08% / 79.24%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.

Action-Not Available
Vendor-list_site_pron/a
Product-list_site_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4072
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 44.79%
||
7 Day CHG~0.00%
Published-20 Sep, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_systemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4446
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.61% / 44.97%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osiOS
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1103
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.32% / 81.36%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

Action-Not Available
Vendor-notmuchmailn/aGNU
Product-emacsnotmuchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4346
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.81% / 52.43%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4307
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.07% / 60.69%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafariiOS, Safari
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4418
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.85% / 53.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1881
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-3.20% / 86.56%
||
7 Day CHG~0.00%
Published-10 Oct, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-librsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4399
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.93% / 56.18%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22924
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-3.7||LOW
EPSS-6.27% / 92.72%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:16
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectSplunk LLC (Cisco Systems, Inc.)CURLSiemens AGDebian GNU/Linux
Product-scalance_m804pbsimatic_cp_1545-1_firmwarescalance_m826-2simatic_rtu_3041cscalance_m804pb_firmwarescalance_mum856-1_firmwarescalance_m812-1fedoralibcurlsolidfire_\&_hci_management_nodescalance_m874-2simatic_cp_1543-1_firmwaresiplus_net_cp_1543-1_firmwaredebian_linuxcloud_backupsinec_infrastructure_network_servicessimatic_rtu_3041c_firmwarescalance_m876-3simatic_rtu3031c_firmwaresimatic_rtu3031cruggedcomrm_1224_ltescalance_m876-4_firmwarescalance_m876-4scalance_s615simatic_rtu3030cscalance_mum856-1simatic_rtu3010clogo\!_cmr2020logo\!_cmr2040scalance_m826-2_firmwareuniversal_forwarderruggedcomrm_1224_lte_firmwarelogo\!_cmr2020_firmwarescalance_m816-1scalance_m816-1_firmwaremysql_serversinema_remote_connect_serverclustered_data_ontaplogo\!_cmr2040_firmwarescalance_m874-3_firmwaresimatic_cp_1545-1solidfire_baseboard_management_controller_firmwarescalance_s615_firmwarepeoplesoft_enterprise_peopletoolssinema_remote_connectsimatic_cp_1543-1scalance_m874-2_firmwarescalance_m874-3scalance_m812-1_firmwaresimatic_rtu3010c_firmwarescalance_m876-3_firmwaresiplus_net_cp_1543-1simatic_rtu3030c_firmwarehttps://github.com/curl/curl
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2015-1126
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-9.96% / 95.02%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21060
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-4.6||MEDIUM
EPSS-1.57% / 72.27%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-23 Apr, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Pro DC Improper File Parsing Could Lead to Information Disclosure

Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21221
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 72.35%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:26
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21126
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-8.73% / 94.50%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-19.30% / 97.00%
||
7 Day CHG~0.00%
Published-03 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1962
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-13.28% / 95.92%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-20.85% / 97.24%
||
7 Day CHG~0.00%
Published-03 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-25031
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-42.33% / 98.53%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 06:47
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.

Action-Not Available
Vendor-smartbearn/asmartbear
Product-swagger_uin/aswagger_ui
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2014-6230
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.44% / 82.31%
||
7 Day CHG~0.00%
Published-25 Oct, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

Action-Not Available
Vendor-wp-ban_projectn/a
Product-wp-bann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4766
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.09% / 61.35%
||
7 Day CHG~0.00%
Published-18 Mar, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.

Action-Not Available
Vendor-n/aOTRS AG
Product-otrsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2195
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.25% / 65.67%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asyncoscontent_security_management_applianceemail_security_appliance_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9977
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.75%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 19:28
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xipadosmacOSiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6399
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.99% / 78.21%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 14:42
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2020-28591
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-1.90% / 77.12%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:50
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-slic3rn/aFedora Project
Product-fedoralibslic3rSlic3r
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-24427
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.42% / 82.14%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:31
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3159
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.38% / 96.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1671
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 59.81%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15977
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.47% / 70.55%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEApple Inc.Fedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedoramac_os_xbackports_sleChrome
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found