Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2014-03-01 CVE-2014-1912 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Mac_os_x, Python N/A
2014-04-07 CVE-2014-0160 Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543-1_firmware, Elan-8.2, Simatic_s7-1500_firmware, Simatic_s7-1500t_firmware, Wincc_open_architecture, Splunk 7.5
2021-09-08 CVE-2021-40346 An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. Haproxy, Haproxy_docker_image 7.5
2016-06-08 CVE-2016-5108 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. Debian_linux, Vlc_media_player 9.8
2017-06-01 CVE-2017-8386 git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. Ubuntu_linux, Debian_linux, Fedora, Git-Shell, Leap 8.8
2018-04-06 CVE-2018-1000156 GNU patch is processed by ed. This allows arbitrary command execution through a line beginning with ! Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.8
2018-06-08 CVE-2018-4222 There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either through parsing exceptions or data sections when they are copied. Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux 8.8
Remaining NVD entries (unprocessed / no code available): ~296728 :
Date Id Summary Products Score Patch
2024-06-24 CVE-2024-33881 An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. Sharepoint_bulk_file_download 5.3
2024-06-24 CVE-2024-38369 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe. Xwiki 4.3
2024-06-24 CVE-2024-38373 FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with a domain name length value greater than the actual domain name length could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not... Freertos-Plus-Tcp 8.1
2024-06-24 CVE-2024-6104 go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. Retryablehttp 5.5
2024-06-24 CVE-2024-6285 Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses. Rcar_gen3 6.7
2024-06-24 CVE-2024-6287 Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image, the code neglects to consider a few cases that could allow an attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot. Rcar_gen3 7.8
2024-06-24 CVE-2024-33687 Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. Nj101-1000_firmware, Nj101-1020_firmware, Nj101-9000_firmware, Nj101-9020_firmware, Nj301-1100_firmware, Nj301-1200_firmware, Nj501-1300_firmware, Nj501-1320_firmware, Nj501-1340_firmware, Nj501-1400_firmware, Nj501-140_firmware, Nj501-1420_firmware, Nj501-1500_firmware, Nj501-1520_firmware, Nj501-4300_firmware, Nj501-4310_firmware, Nj501-4320_firmware, Nj501-4400_firmware, Nj501-4500_firmware, Nj501-5300-1_firmware, Nj501-5300_firmware, Nj501-R300_firmware, Nj501-R320_firmware, Nj501-R400_firmware, Nj501-R420_firmware, Nj501-R500_firmware, Nj501-R520_firmware, Nj-Pa3001_firmware, Nj-Pd3001_firmware, Nx102-1000_firmware, Nx102-1020_firmware, Nx102-1100_firmware, Nx102-1120_firmware, Nx102-1200_firmware, Nx102-1220_firmware, Nx102-9000_firmware, Nx102-9020_firmware, Nx1p2-1040dt1_firmware, Nx1p2-1040dt_firmware, Nx1p2-1140dt1_firmware, Nx1p2-1140dt_firmware, Nx1p2-9024dt1_firmware, Nx1p2-9024dt_firmware, Nx1w-Adb21_firmware, Nx1w-Cif01_firmware, Nx1w-Cif11_firmware, Nx1w-Cif12_firmware, Nx1w-Dab21v_firmware, Nx1w-Mab221_firmware, Nx701-1600_firmware, Nx701-1620_firmware, Nx701-1700_firmware, Nx701-1720_firmware, Nx701-Z600_firmware, Nx701-Z700_firmware 7.5