Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~297333 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2023-09-06 | CVE-2020-10130 | SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | Searchblox | 8.8 | |
| 2023-09-06 | CVE-2020-10131 | SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | Searchblox | 9.8 | |
| 2023-09-06 | CVE-2020-10132 | SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | Searchblox | 6.1 | |
| 2023-09-06 | CVE-2023-20269 | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and... | Adaptive_security_appliance_software, Firepower_threat_defense | 9.1 | |
| 2023-09-06 | CVE-2023-39511 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found... | Cacti, Fedora | 4.8 | |
| 2023-09-06 | CVE-2023-0925 | Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse... | Webmethods | 9.8 | |
| 2023-09-06 | CVE-2023-20238 | A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to... | Broadworks_application_delivery_platform, Broadworks_xtended_services_platform | 9.8 |