Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 29188 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0839 2 Apache, Debian 2 Http Server, Debian Linux 2024-02-28 7.2 HIGH N/A
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
CVE-2003-0789 1 Apache 1 Http Server 2024-02-28 10.0 HIGH N/A
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
CVE-2002-0392 2 Apache, Debian 2 Http Server, Debian Linux 2024-02-28 7.5 HIGH N/A
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
CVE-2001-1319 1 Microsoft 1 Exchange Server 2024-02-28 5.0 MEDIUM N/A
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-1999-0070 1 Apache 1 Http Server 2024-02-28 5.0 MEDIUM N/A
test-cgi program allows an attacker to list files on the server.
CVE-2002-1716 1 Microsoft 1 Office 2024-02-28 5.0 MEDIUM N/A
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.
CVE-1999-0524 11 Apple, Cisco, Hp and 8 more 14 Mac Os X, Macos, Ios and 11 more 2024-02-28 2.1 LOW N/A
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
CVE-2023-6837 1 Wso2 3 Api Manager, Identity Server, Identity Server As Key Manager 2024-01-05 N/A 8.2 HIGH
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.