Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~297333 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2020-01-28 | CVE-2020-8417 | The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | Code_snippets | 8.8 | |
| 2020-01-28 | CVE-2020-8420 | An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. | Joomla\! | 8.8 | |
| 2020-01-28 | CVE-2020-8421 | An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. | Joomla\! | 6.1 | |
| 2020-01-28 | CVE-2013-1601 | An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02,... | Dcs\-1100_firmware, Dcs\-1100l_firmware, Dcs\-1130_firmware, Dcs\-1130l_firmware, Dcs\-2102_firmware, Dcs\-2121_firmware, Dcs\-3410_firmware, Dcs\-3411_firmware, Dcs\-3430_firmware, Dcs\-5230_firmware, Dcs\-5230l_firmware, Dcs\-5605_firmware, Dcs\-5635_firmware, Dcs\-6410_firmware, Dcs\-7410_firmware, Dcs\-7510_firmware, Wcs\-1100_firmware | 5.3 | |
| 2020-01-28 | CVE-2013-1600 | An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information. | Dcs\-2102_firmware, Dcs\-2121_firmware | N/A | |
| 2020-01-28 | CVE-2013-3212 | vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | Vtiger_crm | N/A | |
| 2020-01-28 | CVE-2013-3214 | vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | Vtiger_crm | N/A |