Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated February 22, 2025)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attacker Value
High

CVE-2021-40438

Disclosure Date: September 16, 2021 (last updated February 23, 2025)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Attacker Value
Unknown

CVE-2021-34798

Disclosure Date: September 16, 2021 (last updated February 23, 2025)
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
Attacker Value
Unknown

CVE-2023-27538

Disclosure Date: March 30, 2023 (last updated February 24, 2025)
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.
Attacker Value
Unknown

CVE-2023-27537

Disclosure Date: March 30, 2023 (last updated February 24, 2025)
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
Attacker Value
Unknown

CVE-2021-27005

Disclosure Date: November 01, 2021 (last updated November 28, 2024)
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
Attacker Value
Unknown

CVE-2021-27004

Disclosure Date: November 01, 2021 (last updated November 28, 2024)
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
Attacker Value
Unknown

CVE-2021-36160

Disclosure Date: September 16, 2021 (last updated February 23, 2025)
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Attacker Value
Unknown

CVE-2019-10246

Disclosure Date: April 22, 2019 (last updated November 08, 2023)
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
Attacker Value
Unknown

CVE-2019-10247

Disclosure Date: April 22, 2019 (last updated November 08, 2023)
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.