Home - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Search

Main entries ~3682 :

Date	Id	Summary	Products	Score	Patch	Annotated
2014-03-01	CVE-2014-1912	Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.	Mac_os_x, Python	N/A
2014-04-07	CVE-2014-0160	Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.	Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk	7.5
2021-09-08	CVE-2021-40346	An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.	Haproxy, Haproxy_docker_image	7.5
2016-06-08	CVE-2016-5108	Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.	Debian_linux, Vlc_media_player	9.8
2017-06-01	CVE-2017-8386	git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution.	Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap	8.8
2018-04-06	CVE-2018-1000156	GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with !	Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	7.8
2018-06-08	CVE-2018-4222	There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied	Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux	8.8

Remaining NVD entries (unprocessed / no code available): ~295129 :

Date	Id	Summary	Products	Score	Patch
2020-03-30	CVE-2020-5527	When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly. As a result, it may fall into a denial-of-service (DoS) condition. The vendor states this vulnerability only affects Ethernet...	Cr800\-Q_firmware, Fx3g_firmware, Fx3gc_firmware, Fx3s_firmware, Fx3u_firmware, Fx3uc_firmware, Fx5u_firmware, Fx5uc_firmware, Fx5uj_firmware, L02cpu\-P_firmware, L02cpu_firmware, L02scpu\-P_firmware, L02scpu_firmware, L06cpu\-P_firmware, L06cpu_firmware, L26cpu\-Bt_firmware, L26cpu\-P_firmware, L26cpu\-Pbt_firmware, L26cpu_firmware, Q02phcpu_firmware, Q06phcpu_firmware, Q12dccpu\-V_firmware, Q12phcpu_firmware, Q12prhcpu_firmware, Q172dscpu_firmware, Q173dscpu_firmware, Q173nccpu_firmware, Q24dhccpu\-Ls_firmware, Q24dhccpu\-V_firmware, Q24dhccpu\-Vg2_firmware, Q25phcpu_firmware, Q25prhcpu_firmware, Q26dhccpu\-Ls_firmware, R00cpu_firmware, R01cpu_firmware, R02cpu_firmware, R04cpu_firmware, R04encpu_firmware, R08cpu_firmware, R08encpu_firmware, R120cpu_firmware, R120encpu_firmware, R16cpu_firmware, R16encpu_firmware, R32cpu_firmware, R32encpu_firmware	7.5
2020-03-30	CVE-2020-5551	Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited...	Display_control_unit	8.8
2020-03-27	CVE-2020-10940	Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.	Portico_server_16_client, Portico_server_1_client, Portico_server_4_client	N/A
2020-03-27	CVE-2020-6095	An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.	Gst\-Rtsp\-Server, Backports_sle, Leap	7.5
2020-03-27	CVE-2020-10939	Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.	Pc_worx_srt	7.8
2020-03-27	CVE-2020-10955	GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.	Debian_linux, Gitlab	6.5
2020-03-27	CVE-2020-10952	GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.	Gitlab	6.5