Show filters
434 Total Results
Displaying 11-20 of 434
Sort by:
Attacker Value
Unknown

CVE-2019-10092

Disclosure Date: September 26, 2019 (last updated November 08, 2023)
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
Attacker Value
Unknown

CVE-2017-12617

Disclosure Date: October 04, 2017 (last updated July 17, 2024)
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Attacker Value
Unknown

CVE-2023-6816

Disclosure Date: January 18, 2024 (last updated April 25, 2024)
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Attacker Value
Unknown

CVE-2022-27239

Disclosure Date: April 27, 2022 (last updated October 07, 2023)
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
Attacker Value
Unknown

CVE-2020-25719

Disclosure Date: February 18, 2022 (last updated October 07, 2023)
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
Attacker Value
Unknown

CVE-2020-25717

Disclosure Date: February 18, 2022 (last updated October 07, 2023)
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Attacker Value
Unknown

CVE-2016-2124

Disclosure Date: February 18, 2022 (last updated October 07, 2023)
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Attacker Value
Unknown

CVE-2021-33037

Disclosure Date: July 12, 2021 (last updated February 23, 2025)
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
Attacker Value
Unknown

CVE-2020-6427

Disclosure Date: March 23, 2020 (last updated February 21, 2025)
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Unknown

CVE-2020-6424

Disclosure Date: March 23, 2020 (last updated February 21, 2025)
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.