Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~296747 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-10-25 | CVE-2021-41178 | Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that... | Server | 6.5 | |
| 2021-10-25 | CVE-2021-41179 | Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is... | Server | N/A | |
| 2021-10-25 | CVE-2021-39220 | Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | N/A | ||
| 2021-10-25 | CVE-2021-39221 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts... | Contacts | 5.4 | |
| 2021-10-25 | CVE-2021-34854 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this... | Parallels_desktop | 7.8 | |
| 2021-10-25 | CVE-2021-34855 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities... | Parallels_desktop | 6.5 | |
| 2021-10-25 | CVE-2021-34856 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this... | Parallels_desktop | 8.8 |