Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-1852

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-17 Apr, 2015 | 17:00
Updated At-06 Aug, 2024 | 04:54
Rejected At-
Credits

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:17 Apr, 2015 | 17:00
Updated At:06 Aug, 2024 | 04:54
Rejected At:
▼CVE Numbering Authority (CNA)

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-2705-1
vendor-advisory
x_refsource_UBUNTU
http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
mailing-list
x_refsource_MLIST
https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1685.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/74187
vdb-entry
x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2015-1677.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-2705-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1685.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/74187
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1677.html
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-2705-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
mailing-list
x_refsource_MLIST
x_transferred
https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1685.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/74187
vdb-entry
x_refsource_BID
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1677.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2705-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1685.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/74187
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1677.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:17 Apr, 2015 | 17:59
Updated At:06 May, 2026 | 22:30

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
OpenStack
openstack
>>keystonemiddleware>>Versions up to 1.5.0(inclusive)
cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
OpenStack
openstack
>>python-keystoneclient>>Versions up to 1.3.0(inclusive)
cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>15.04
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-17Primarynvd@nist.gov
CWE ID: CWE-17
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1677.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2015-1685.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/74187secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2705-1secalert@redhat.com
Third Party Advisory
https://bugs.launchpad.net/keystonemiddleware/+bug/1411063secalert@redhat.com
N/A
http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1677.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1685.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/74187af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2705-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugs.launchpad.net/keystonemiddleware/+bug/1411063af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1677.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1685.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/74187
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2705-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1677.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1685.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/74187
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-2705-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

164Records found
CVE-2020-12137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-5.22% / 90.04%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 12:37
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.

Action-Not Available
Vendor-n/aGNUFedora ProjectopenSUSECanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoramailmanbackports_sleleapn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12397
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.25%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 18:57
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-ubuntu_linuxthunderbirdThunderbird
CWE ID-CWE-346
Origin Validation Error
CVE-2012-4388
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.19% / 84.56%
||
7 Day CHG~0.00%
Published-07 Sep, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Action-Not Available
Vendor-n/aCanonical Ltd.The PHP GroupDebian GNU/Linux
Product-debian_linuxubuntu_linuxphpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9119
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 74.34%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-moinmon/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxmoinmoinn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3718
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-86.94% / 99.44%
||
7 Day CHG+8.11%
Published-05 May, 2016 | 18:00
Updated-22 Apr, 2026 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSERed Hat, Inc.Oracle CorporationSUSE
Product-enterprise_linux_eusenterprise_linux_for_power_little_endianubuntu_linuximagemagicklinux_enterprise_desktopenterprise_linux_server_tusenterprise_linux_for_ibm_z_systemsenterprise_linux_desktopenterprise_linux_for_power_big_endian_eusenterprise_linux_server_from_rhuilinux_enterprise_debuginfoenterprise_linux_for_power_big_endianlinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_server_supplementary_euslinux_enterprise_workstation_extensionlinux_enterprise_software_development_kitenterprise_linux_hpc_node_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_serverenterprise_linux_workstationmanagermanager_proxyleapsolarislinuxenterprise_linux_hpc_nodeenterprise_linux_for_power_little_endian_eusopenstack_cloudopensusen/aImageMagick
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2016-2822
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 71.58%
||
7 Day CHG-0.03%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxfirefoxleapopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-2047
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.75% / 82.75%
||
7 Day CHG~0.00%
Published-27 Jan, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

Action-Not Available
Vendor-n/aCanonical Ltd.MariaDB FoundationopenSUSEOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxmariadbmysqlleaplinuxenterprise_linuxn/a
CVE-2016-2115
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-22.74% / 95.93%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

Action-Not Available
Vendor-n/aCanonical Ltd.Samba
Product-sambaubuntu_linuxn/a
CVE-2016-2825
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 71.83%
||
7 Day CHG+0.16%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-leapfirefoxubuntu_linuxopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-2110
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-17.75% / 95.19%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

Action-Not Available
Vendor-n/aCanonical Ltd.Samba
Product-sambaubuntu_linuxn/a
CVE-2016-2829
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 65.38%
||
7 Day CHG+0.11%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-leapfirefoxubuntu_linuxopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1699
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.90% / 75.87%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-5144
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.49% / 81.26%
||
7 Day CHG-0.74%
Published-14 Jul, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle CorporationDebian GNU/Linux
Product-solarisdebian_linuxubuntu_linuxdjangon/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5167
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 70.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found