Total
29188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0839 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 7.2 HIGH | N/A |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. | |||||
CVE-2003-0789 | 1 Apache | 1 Http Server | 2024-02-28 | 10.0 HIGH | N/A |
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | |||||
CVE-2002-0392 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 7.5 HIGH | N/A |
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | |||||
CVE-2001-1319 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-1999-0070 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
test-cgi program allows an attacker to list files on the server. | |||||
CVE-2002-1716 | 1 Microsoft | 1 Office | 2024-02-28 | 5.0 MEDIUM | N/A |
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | |||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-02-28 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2023-6837 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-01-05 | N/A | 8.2 HIGH |
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. |