Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-5312 | 4.3 |
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
|
21-06-2023 - 18:26 | 24-11-2014 - 16:59 | |
CVE-2015-0283 | 7.8 |
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of
|
13-02-2023 - 00:46 | 30-03-2015 - 14:59 | |
CVE-2015-1827 | 5.0 |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user th
|
12-02-2023 - 23:15 | 30-03-2015 - 14:59 | |
CVE-2016-2118 | 6.8 |
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
|
29-08-2022 - 20:20 | 12-04-2016 - 23:59 | |
CVE-2012-6662 | 4.3 |
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not prope
|
14-07-2018 - 01:29 | 24-11-2014 - 16:59 | |
CVE-2016-2115 | 4.3 |
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
|
31-12-2016 - 02:59 | 25-04-2016 - 00:59 | |
CVE-2016-2111 | 4.3 |
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive sessi
|
31-12-2016 - 02:59 | 25-04-2016 - 00:59 | |
CVE-2016-2113 | 5.8 |
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certific
|
31-12-2016 - 02:59 | 25-04-2016 - 00:59 | |
CVE-2016-2110 | 4.3 |
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove app
|
31-12-2016 - 02:59 | 25-04-2016 - 00:59 | |
CVE-2016-2112 | 4.3 |
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade att
|
31-12-2016 - 02:59 | 25-04-2016 - 00:59 | |
CVE-2016-2114 | 4.3 |
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client
|
31-12-2016 - 02:59 | 25-04-2016 - 00:59 | |
CVE-2015-5370 | 4.3 |
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consum
|
03-12-2016 - 03:11 | 25-04-2016 - 00:59 |