Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~297333 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-04-28 | CVE-2020-36326 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. | Phpmailer, Wordpress | 9.8 | |
| 2021-04-28 | CVE-2021-31815 | GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a... | Google\/apple_exposure_notifications | 3.3 | |
| 2021-04-28 | CVE-2021-20716 | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware... | Bhr\-4rv_firmware, Fs\-G54_firmware, Wbr2\-B11_firmware, Wbr2\-G54\-Kd_firmware, Wbr2\-G54_firmware, Wbr\-B11_firmware, Wbr\-G54_firmware, Wbr\-G54l_firmware, Whr2\-A54g54_firmware, Whr2\-G54_firmware, Whr2\-G54v_firmware, Whr3\-Ag54_firmware, Whr\-G54\-Nf_firmware, Whr\-G54_firmware, Wla2\-G54_firmware, Wla2\-G54c_firmware, Wla\-B11_firmware, Wla\-G54_firmware, Wla\-G54c_firmware, Wlah\-A54g54_firmware, Wlah\-Am54g54_firmware, Wlah\-G54_firmware, Wli2\-Tx1\-Ag54_firmware, Wli2\-Tx1\-Amg54_firmware, Wli2\-Tx1\-G54_firmware, Wli3\-Tx1\-Amg54_firmware, Wli3\-Tx1\-G54_firmware, Wli\-T1\-B11_firmware, Wli\-Tx1\-G54_firmware, Wvr\-G54\-Nf_firmware, Wzr\-G108_firmware, Wzr\-G54_firmware, Wzr\-Hp\-G54_firmware, Wzr\-Rs\-G54_firmware, Wzr\-Rs\-G54hp_firmware | 9.8 | |
| 2021-04-28 | CVE-2021-3511 | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99... | Bhr\-4grv_firmware, Dwr\-Hp\-G300nh_firmware, Fs\-600dhp_firmware, Fs\-G300n_firmware, Fs\-Hp\-G300n_firmware, Fs\-R600dhp_firmware, Hw\-450hp\-Zwe_firmware, Whr\-300_firmware, Whr\-300hp_firmware, Whr\-G301n_firmware, Whr\-Hp\-G300n_firmware, Whr\-Hp\-Gn_firmware, Wpl\-05g300_firmware, Wzr\-300hp_firmware, Wzr\-450hp\-Cwt_firmware, Wzr\-450hp\-Ub_firmware, Wzr\-450hp_firmware, Wzr\-600dhp_firmware, Wzr\-D1100h_firmware, Wzr\-Hp\-Ag300h_firmware, Wzr\-Hp\-G300nh_firmware, Wzr\-Hp\-G301nh_firmware, Wzr\-Hp\-G302h_firmware, Wzr\-Hp\-G450h_firmware | 4.3 | |
| 2021-04-28 | CVE-2021-3512 | Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware... | Bhr\-4grv_firmware, Dwr\-Hp\-G300nh_firmware, Fs\-600dhp_firmware, Fs\-G300n_firmware, Fs\-Hp\-G300n_firmware, Fs\-R600dhp_firmware, Hw\-450hp\-Zwe_firmware, Whr\-300_firmware, Whr\-300hp_firmware, Whr\-G301n_firmware, Whr\-Hp\-G300n_firmware, Whr\-Hp\-Gn_firmware, Wpl\-05g300_firmware, Wzr\-300hp_firmware, Wzr\-450hp\-Cwt_firmware, Wzr\-450hp\-Ub_firmware, Wzr\-450hp_firmware, Wzr\-600dhp_firmware, Wzr\-D1100h_firmware, Wzr\-Hp\-Ag300h_firmware, Wzr\-Hp\-G300nh_firmware, Wzr\-Hp\-G301nh_firmware, Wzr\-Hp\-G302h_firmware, Wzr\-Hp\-G450h_firmware | 8.8 | |
| 2021-04-27 | CVE-2021-29441 | Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any... | Nacos | 9.8 | |
| 2021-04-27 | CVE-2021-29442 | Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so... | Nacos | 7.5 |