Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~296747 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2023-03-16 | CVE-2023-28155 | The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | Request | 6.1 | |
| 2023-03-16 | CVE-2023-27250 | Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. | Online_book_store_project | 9.8 | |
| 2023-03-16 | CVE-2023-27875 | IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | Aspera_faspex | 7.5 | |
| 2023-03-16 | CVE-2022-26080 | Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. | H5692448_g104_firmware, H5692448_g224l_firmware, H5692448_g451c\(2\)_firmware, H5692448_g461\(2\)_firmware, H5692448_g630\-4_firmware, H5692448_g842_firmware, Ne843_s_firmware | 4.3 | |
| 2023-03-16 | CVE-2022-34423 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | C4130_firmware, C4140_firmware, C6320_firmware, C6420_firmware, C6520_firmware, C6525_firmware, Dss8440_firmware, Fc430_firmware, Fc630_firmware, Fc640_firmware, Fc830_firmware, M630_firmware, M630p_firmware, M640_firmware, M640p_firmware, M830_firmware, M830p_firmware, Mx740c_firmware, Mx750c_firmware, Mx840c_firmware, Nx3230_firmware, Nx3240_firmware, Nx3330_firmware, Nx3340_firmware, Nx430_firmware, Nx440_firmware, R230_firmware, R240_firmware, R250_firmware, R330_firmware, R340_firmware, R350_firmware, R430_firmware, R440_firmware, R450_firmware, R530_firmware, R540_firmware, R550_firmware, R630_firmware, R640_firmware, R6415_firmware, R650_firmware, R650xs_firmware, R6515_firmware, R6525_firmware, R730_firmware, R730xd_firmware, R740_firmware, R740xd2_firmware, R740xd_firmware, R7415_firmware, R7425_firmware, R750_firmware, R750xa_firmware, R750xs_firmware, R7515_firmware, R7525_firmware, R830_firmware, R840_firmware, R930_firmware, R940_firmware, R940xa_firmware, T130_firmware, T140_firmware, T150_firmware, T330_firmware, T340_firmware, T350_firmware, T430_firmware, T440_firmware, T550_firmware, T630_firmware, T640_firmware, Xe2420_firmware, Xe7420_firmware, Xe7440_firmware, Xe8545_firmware, Xr11_firmware, Xr12_firmware, Xr2_firmware | 6.7 | |
| 2023-03-16 | CVE-2023-1431 | The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more. | Wordpress_simple_paypal_shopping_cart | 5.3 | |
| 2023-03-16 | CVE-2023-1432 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability. | Online_food_ordering_system | 9.8 |