Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3681 :
Remaining NVD entries (unprocessed / no code available): ~242848 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-07 | CVE-2009-5145 | Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. | Zope | 6.1 | ||
| 2009-12-07 | CVE-2009-4214 | Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb. | Rails, Ruby_on_rails | N/A | ||
| 2009-10-29 | CVE-2009-3627 | The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. | Html\-Parser | N/A | ||
| 2009-09-22 | CVE-2009-3287 | lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. | Thin | N/A | ||
| 2009-09-09 | CVE-2009-3111 | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | Freeradius | N/A | ||
| 2009-05-11 | CVE-2009-1194 | Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. | Pango | N/A | ||
| 2016-05-02 | CVE-2008-7316 | mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | Linux_kernel | 5.5 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-04-26 | CVE-2024-32826 | Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0. | N/A | N/A | |
| 2024-04-26 | CVE-2024-32828 | Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15. | N/A | N/A | |
| 2024-04-26 | CVE-2024-33677 | Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. | N/A | N/A | |
| 2024-04-26 | CVE-2024-32829 | Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31. | N/A | N/A | |
| 2024-04-26 | CVE-2024-32957 | Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38. | N/A | N/A | |
| 2024-04-26 | CVE-2024-33678 | Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCease Click Fraud Protection.This issue affects ClickCease Click Fraud Protection: from n/a through 3.2.4. | N/A | N/A | |
| 2024-04-26 | CVE-2024-33682 | Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | N/A | N/A |