Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~297333 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-04-28 | CVE-2021-31865 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | Debian_linux, Redmine | 5.3 | |
| 2021-04-28 | CVE-2021-31866 | Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. | Debian_linux, Redmine | 5.3 | |
| 2021-04-28 | CVE-2021-31856 | A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). | Meshery | 9.8 | |
| 2021-04-28 | CVE-2020-36326 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. | Phpmailer, Wordpress | 9.8 | |
| 2021-04-28 | CVE-2021-31815 | GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a... | Google\/apple_exposure_notifications | 3.3 | |
| 2021-04-28 | CVE-2021-20716 | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware... | Bhr\-4rv_firmware, Fs\-G54_firmware, Wbr2\-B11_firmware, Wbr2\-G54\-Kd_firmware, Wbr2\-G54_firmware, Wbr\-B11_firmware, Wbr\-G54_firmware, Wbr\-G54l_firmware, Whr2\-A54g54_firmware, Whr2\-G54_firmware, Whr2\-G54v_firmware, Whr3\-Ag54_firmware, Whr\-G54\-Nf_firmware, Whr\-G54_firmware, Wla2\-G54_firmware, Wla2\-G54c_firmware, Wla\-B11_firmware, Wla\-G54_firmware, Wla\-G54c_firmware, Wlah\-A54g54_firmware, Wlah\-Am54g54_firmware, Wlah\-G54_firmware, Wli2\-Tx1\-Ag54_firmware, Wli2\-Tx1\-Amg54_firmware, Wli2\-Tx1\-G54_firmware, Wli3\-Tx1\-Amg54_firmware, Wli3\-Tx1\-G54_firmware, Wli\-T1\-B11_firmware, Wli\-Tx1\-G54_firmware, Wvr\-G54\-Nf_firmware, Wzr\-G108_firmware, Wzr\-G54_firmware, Wzr\-Hp\-G54_firmware, Wzr\-Rs\-G54_firmware, Wzr\-Rs\-G54hp_firmware | 9.8 | |
| 2021-04-28 | CVE-2021-3511 | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99... | Bhr\-4grv_firmware, Dwr\-Hp\-G300nh_firmware, Fs\-600dhp_firmware, Fs\-G300n_firmware, Fs\-Hp\-G300n_firmware, Fs\-R600dhp_firmware, Hw\-450hp\-Zwe_firmware, Whr\-300_firmware, Whr\-300hp_firmware, Whr\-G301n_firmware, Whr\-Hp\-G300n_firmware, Whr\-Hp\-Gn_firmware, Wpl\-05g300_firmware, Wzr\-300hp_firmware, Wzr\-450hp\-Cwt_firmware, Wzr\-450hp\-Ub_firmware, Wzr\-450hp_firmware, Wzr\-600dhp_firmware, Wzr\-D1100h_firmware, Wzr\-Hp\-Ag300h_firmware, Wzr\-Hp\-G300nh_firmware, Wzr\-Hp\-G301nh_firmware, Wzr\-Hp\-G302h_firmware, Wzr\-Hp\-G450h_firmware | 4.3 |