CVE-2016-5672

HIGH Year: 2016
CVSS v3 Score
8.1
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

Related Vulnerabilities

CVE-2007-5928

HIGH
CVSS:8.1(High)

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is...

CWE-202007

CVE-2012-2248

HIGH
CVSS:8.1(High)

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

CWE-202012

CVE-2013-4751

HIGH
CVSS:8.1(High)

php-symfony2-Validator has loss of information during serialization

CWE-202013

CVE-2014-2271

HIGH
CVSS:8.1(High)

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, w...

CWE-202014

CVE-2014-5282

HIGH
CVSS:8.1(High)

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

CWE-202014