Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sam vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2015-7560
The SMB1 implementation in smbd in Samba 3.x and 4.x prior to 4.1.23, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, and 4.4.x prior to 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 c...
Samba Samba 4.4.0
Samba Samba
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
6.1
CVSSv3
CVE-2017-5124
Incorrect application of sandboxing in Blink in Google Chrome before 62.0.3202.62 allowed a remote malicious user to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
Google Chrome
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
6.1
CVSSv3
CVE-2014-0029
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Redhat Subscription Asset Manager 1.0.0
5.9
CVSSv3
CVE-2016-0771
The internal DNS server in Samba 4.x prior to 4.1.23, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, and 4.4.x prior to 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information...
Samba Samba 4.3.4
Samba Samba 4.3.3
Samba Samba 4.2.6
Samba Samba 4.2.5
Samba Samba 4.2.0
Samba Samba 4.1.21
Samba Samba 4.1.20
Samba Samba 4.1.14
Samba Samba 4.1.13
Samba Samba 4.0.8
Samba Samba 4.0.7
Samba Samba 4.0.6
Samba Samba 4.0.21
Samba Samba 4.0.20
Samba Samba 4.0.14
Samba Samba 4.0.13
Samba Samba 4.4.0
Samba Samba 4.1.22
Samba Samba 4.3.2
Samba Samba 4.2.2
Samba Samba 4.2.1
Samba Samba 4.1.6
5.7
CVSSv3
CVE-2018-6171
Use after free in Bluetooth in Google Chrome before 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
Google Chrome
5.4
CVSSv3
CVE-2022-41358
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.
Garage Management System Project Garage Management System 1.0
1 Github repository
4.3
CVSSv3
CVE-2018-6177
Information leak in media engine in Google Chrome before 68.0.3440.75 allowed a remote malicious user to leak cross-origin data via a crafted HTML page.
Google Chrome
3.7
CVSSv3
CVE-2010-1323
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x up to and including 1.8.3 does not properly determine the acceptability of checksums, which might allow remote malicious users to modify user-visible prompt text, modify a response to a Key Distribution Center...
Mit Kerberos 5 1.3.5
Mit Kerberos 5 1.3.6
Mit Kerberos 5 1.5
Mit Kerberos 5 1.5.1
Mit Kerberos 5 1.7.1
Mit Kerberos 5 1.8
Mit Kerberos 5 1.3.1
Mit Kerberos 5 1.3.2
Mit Kerberos 5 1.4.1
Mit Kerberos 5 1.4.2
Mit Kerberos 5 1.6
Mit Kerberos 5 1.6.1
Mit Kerberos 5 1.8.3
Mit Kerberos 5 1.3.3
Mit Kerberos 5 1.3.4
Mit Kerberos 5 1.4.3
Mit Kerberos 5 1.4.4
Mit Kerberos 5 1.6.2
Mit Kerberos 5 1.7
Mit Kerberos 5 1.3
Mit Kerberos 5 1.4
Mit Kerberos 5 1.5.2
NA
CVE-2024-4760
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
NA
CVE_2022_21882
OSEP-Notes Initial Access HTA Fileless Initial Access Reverse Shell (AppLocker + CLM + Defender Bypass) Scenario: You can make a user execute your malicious HTA files, but AppLocker, CLM, and Defender block all payloads. To get a fileless reverse shell, one method that worked for...
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »