Show filters
12 Total Results
Displaying 1-10 of 12
Sort by:
Attacker Value
Unknown

CVE-2019-14823

Disclosure Date: October 14, 2019 (last updated November 27, 2024)
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
Attacker Value
Unknown

CVE-2017-5645

Disclosure Date: April 17, 2017 (last updated November 08, 2023)
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Attacker Value
Unknown

CVE-2014-3580

Disclosure Date: December 18, 2014 (last updated October 05, 2023)
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
0
Attacker Value
Unknown

CVE-2014-3528

Disclosure Date: August 19, 2014 (last updated October 05, 2023)
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
0
Attacker Value
Unknown

CVE-2013-1620

Disclosure Date: February 08, 2013 (last updated October 05, 2023)
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
0
Attacker Value
Unknown

CVE-2011-3193

Disclosure Date: June 16, 2012 (last updated October 04, 2023)
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
0
Attacker Value
Unknown

CVE-2012-2313

Disclosure Date: June 13, 2012 (last updated October 04, 2023)
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
0
Attacker Value
Unknown

CVE-2012-1823

Disclosure Date: May 11, 2012 (last updated July 17, 2024)
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Attacker Value
Unknown

CVE-2007-6206

Disclosure Date: December 04, 2007 (last updated October 04, 2023)
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
0
Attacker Value
Unknown

CVE-2006-5752

Disclosure Date: June 27, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
0