Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2014-03-01 CVE-2014-1912 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Mac_os_x, Python N/A
2014-04-07 CVE-2014-0160 Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk 7.5
2021-09-08 CVE-2021-40346 An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. Haproxy, Haproxy_docker_image 7.5
2016-06-08 CVE-2016-5108 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. Debian_linux, Vlc_media_player 9.8
2017-06-01 CVE-2017-8386 git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap 8.8
2018-04-06 CVE-2018-1000156 GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.8
2018-06-08 CVE-2018-4222 There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux 8.8
Remaining NVD entries (unprocessed / no code available): ~296747 :
Date Id Summary Products Score Patch
2024-06-24 CVE-2024-6104 go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. Retryablehttp 5.5
2024-06-24 CVE-2024-6285 Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses. Rcar_gen3 6.7
2024-06-24 CVE-2024-6287 Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot. Rcar_gen3 7.8
2024-06-24 CVE-2024-33687 Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. Nj101\-1000_firmware, Nj101\-1020_firmware, Nj101\-9000_firmware, Nj101\-9020_firmware, Nj301\-1100_firmware, Nj301\-1200_firmware, Nj501\-1300_firmware, Nj501\-1320_firmware, Nj501\-1340_firmware, Nj501\-1400_firmware, Nj501\-140_firmware, Nj501\-1420_firmware, Nj501\-1500_firmware, Nj501\-1520_firmware, Nj501\-4300_firmware, Nj501\-4310_firmware, Nj501\-4320_firmware, Nj501\-4400_firmware, Nj501\-4500_firmware, Nj501\-5300\-1_firmware, Nj501\-5300_firmware, Nj501\-R300_firmware, Nj501\-R320_firmware, Nj501\-R400_firmware, Nj501\-R420_firmware, Nj501\-R500_firmware, Nj501\-R520_firmware, Nj\-Pa3001_firmware, Nj\-Pd3001_firmware, Nx102\-1000_firmware, Nx102\-1020_firmware, Nx102\-1100_firmware, Nx102\-1120_firmware, Nx102\-1200_firmware, Nx102\-1220_firmware, Nx102\-9000_firmware, Nx102\-9020_firmware, Nx1p2\-1040dt1_firmware, Nx1p2\-1040dt_firmware, Nx1p2\-1140dt1_firmware, Nx1p2\-1140dt_firmware, Nx1p2\-9024dt1_firmware, Nx1p2\-9024dt_firmware, Nx1w\-Adb21_firmware, Nx1w\-Cif01_firmware, Nx1w\-Cif11_firmware, Nx1w\-Cif12_firmware, Nx1w\-Dab21v_firmware, Nx1w\-Mab221_firmware, Nx701\-1600_firmware, Nx701\-1620_firmware, Nx701\-1700_firmware, Nx701\-1720_firmware, Nx701\-Z600_firmware, Nx701\-Z700_firmware 7.5
2024-06-24 CVE-2024-38664 In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before zynqmp_dpsub_drm_init since that calls drm_bridge_attach. This fixes the following lockdep warning: [ 19.217084] ------------[ cut here ]------------ [ 19.227530] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ ... Linux_kernel 7.8
2024-06-24 CVE-2024-38667 In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with their pt_regs, so both may get corrupted. Similar issue has been fixed for the primary hart, see c7cdd96eca28 ("riscv: prevent stack corruption by reserving task_pt_regs(p) early"). However that... Linux_kernel 7.8
2024-06-24 CVE-2024-39291 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf function. The issue was due to the size of the buffer 'ucode_prefix' being too small to accommodate the maximum possible length of the string being written into it. The string being written is... Linux_kernel 7.8