Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~296747 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-05-13 | CVE-2021-20998 | In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 0852\-0303_firmware, 0852\-1305\/000\-001_firmware, 0852\-1305_firmware, 0852\-1505\/000\-001_firmware, 0852\-1505_firmware | 9.8 | |
| 2021-05-13 | CVE-2021-20999 | In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped. | Iot\-Gw30\-4g\-Eu_firmware, Iot\-Gw30_firmware, Uc20\-Wl2000\-Ac_firmware, Uc20\-Wl2000\-Iot_firmware | 9.8 | |
| 2021-05-13 | CVE-2021-25693 | An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference. | Pcoip_agent | 7.5 | |
| 2021-05-13 | CVE-2020-12526 | TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs. | Ipc_diagnostics_ua_server, Tf6100, Twincat_opc_ua_server | 5.3 | |
| 2021-05-13 | CVE-2021-25694 | Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere. | Pcoip_graphics_agent | 7.8 | |
| 2021-05-13 | CVE-2020-12967 | The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. | Epyc_7232p, Epyc_7251, Epyc_7252, Epyc_7261, Epyc_7262, Epyc_7272, Epyc_7281, Epyc_7282, Epyc_72f3, Epyc_7301, Epyc_7302, Epyc_7302p, Epyc_7313, Epyc_7313p, Epyc_7343, Epyc_7351, Epyc_7351p, Epyc_7352, Epyc_7371, Epyc_73f3, Epyc_7401, Epyc_7401p, Epyc_7402, Epyc_7402p, Epyc_7413, Epyc_7443, Epyc_7443p, Epyc_7451, Epyc_7452, Epyc_7453, Epyc_74f3, Epyc_7501, Epyc_7502, Epyc_7502p, Epyc_7513, Epyc_7532, Epyc_7542, Epyc_7543, Epyc_7543p, Epyc_7551, Epyc_7551p, Epyc_7552, Epyc_75f3, Epyc_7601, Epyc_7642, Epyc_7643, Epyc_7662, Epyc_7663, Epyc_7702, Epyc_7702p, Epyc_7713, Epyc_7713p, Epyc_7742, Epyc_7763, Epyc_7f32, Epyc_7f52, Epyc_7f72, Epyc_7h12, Epyc_embedded_3101, Epyc_embedded_3151, Epyc_embedded_3201, Epyc_embedded_3251, Epyc_embedded_3255, Epyc_embedded_3351, Epyc_embedded_3451 | 7.2 | |
| 2021-05-13 | CVE-2021-26311 | In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. | Epyc_7232p, Epyc_7251, Epyc_7252, Epyc_7261, Epyc_7262, Epyc_7272, Epyc_7281, Epyc_7282, Epyc_72f3, Epyc_7301, Epyc_7302, Epyc_7302p, Epyc_7313, Epyc_7313p, Epyc_7343, Epyc_7351, Epyc_7351p, Epyc_7352, Epyc_7371, Epyc_73f3, Epyc_7401, Epyc_7401p, Epyc_7402, Epyc_7402p, Epyc_7413, Epyc_7443, Epyc_7443p, Epyc_7451, Epyc_7452, Epyc_7453, Epyc_74f3, Epyc_7501, Epyc_7502, Epyc_7502p, Epyc_7513, Epyc_7532, Epyc_7542, Epyc_7543, Epyc_7543p, Epyc_7551, Epyc_7551p, Epyc_7552, Epyc_75f3, Epyc_7601, Epyc_7642, Epyc_7643, Epyc_7662, Epyc_7663, Epyc_7702, Epyc_7702p, Epyc_7713, Epyc_7713p, Epyc_7742, Epyc_7763, Epyc_7f32, Epyc_7f52, Epyc_7f72, Epyc_7h12, Epyc_embedded_3101, Epyc_embedded_3151, Epyc_embedded_3201, Epyc_embedded_3251, Epyc_embedded_3255, Epyc_embedded_3351, Epyc_embedded_3451 | 7.2 |