Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~297333 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-11-23 | CVE-2021-37033 | There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | Emui, Magic_ui | 7.5 | |
| 2021-11-23 | CVE-2021-37034 | There is an Unstandardized field names in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | Emui, Magic_ui | 7.5 | |
| 2021-11-23 | CVE-2021-37035 | There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. | Emui, Magic_ui | 7.5 | |
| 2021-11-23 | CVE-2021-37102 | There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. | Fusioncompute | 8.8 | |
| 2021-11-23 | CVE-2021-20601 | Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected,... | Got2000_gt2103\-Pmbd_firmware, Got2000_gt2103\-Pmbds2_firmware, Got2000_gt2103\-Pmbds_firmware, Got2000_gt2103\-Pmbls_firmware, Got2000_gt2104\-Rtbd_firmware, Got2000_gt2107\-Wtbd_firmware, Got2000_gt2308\-Vtba_firmware, Got2000_gt2308\-Vtbd_firmware, Got2000_gt2310\-Vtba_firmware, Got2000_gt2310\-Vtbd_firmware, Got2000_gt2505\-Vtbd_firmware, Got2000_gt2505hs\-Vtbd_firmware, Got2000_gt2506hs\-Vtbd_firmware, Got2000_gt2507\-Wtbd_firmware, Got2000_gt2507\-Wtsd_firmware, Got2000_gt2507t\-Wtsd_firmware, Got2000_gt2508\-Vtba_firmware, Got2000_gt2508\-Vtbd_firmware, Got2000_gt2508\-Vtwa_firmware, Got2000_gt2508\-Vtwd_firmware, Got2000_gt2510\-Vtba_firmware, Got2000_gt2510\-Vtbd_firmware, Got2000_gt2510\-Vtwa_firmware, Got2000_gt2510\-Vtwd_firmware, Got2000_gt2510\-Wxtbd_firmware, Got2000_gt2510\-Wxtsd_firmware, Got2000_gt2512\-Stba_firmware, Got2000_gt2512\-Stbd_firmware, Got2000_gt2512\-Wxtbd_firmware, Got2000_gt2512\-Wxtsd_firmware, Got2000_gt2705\-Vtbd_firmware, Got2000_gt2708\-Stba_firmware, Got2000_gt2708\-Stbd_firmware, Got2000_gt2708\-Vtba_firmware, Got2000_gt2708\-Vtbd_firmware, Got2000_gt2710\-Stba_firmware, Got2000_gt2710\-Stbd_firmware, Got2000_gt2710\-Vtba_firmware, Got2000_gt2710\-Vtbd_firmware, Got2000_gt2710\-Vtwa_firmware, Got2000_gt2710\-Vtwd_firmware, Got2000_gt2712\-Stba_firmware, Got2000_gt2712\-Stbd_firmware, Got2000_gt2712\-Stwa_firmware, Got2000_gt2712\-Stwd_firmware, Got2000_gt2715\-Xtba_firmware, Got2000_gt2715\-Xtbd_firmware, Got_simple_gs2107\-Wtbd_firmware, Got_simple_gs2110\-Wtbd_firmware, Gt_softgot2000 | 7.5 | |
| 2021-11-23 | CVE-2021-22410 | There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. | Imaster_nce\-Fabric_firmware | 5.4 | |
| 2021-11-23 | CVE-2021-37036 | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. | Ecns280_td_firmware, Fusioncompute | 5.5 |