Main entries ~3681 :
Remaining NVD entries (unprocessed / no code available): ~165983 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-10-29 | CVE-2009-3627 | The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. | Html\-Parser | N/A | ||
| 2009-09-22 | CVE-2009-3287 | lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. | Thin | N/A | ||
| 2009-09-09 | CVE-2009-3111 | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | Freeradius | N/A | ||
| 2009-05-11 | CVE-2009-1194 | Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. | Pango | N/A | ||
| 2016-05-02 | CVE-2008-7316 | mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | Linux_kernel | 5.5 | ||
| 2009-08-24 | CVE-2008-7050 | The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. | Wowraidmanager | N/A | ||
| 2008-12-17 | CVE-2008-5619 | html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | Webmail | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2021-09-23 | CVE-2021-41088 | Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0... | N/A | 8.0 | |
| 2021-09-23 | CVE-2020-19949 | A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | N/A | N/A | |
| 2021-09-23 | CVE-2020-19950 | A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | N/A | N/A | |
| 2021-09-23 | CVE-2020-19951 | A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | N/A | N/A | |
| 2021-09-23 | CVE-2020-24327 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. | N/A | N/A | |
| 2021-09-23 | CVE-2021-29810 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204279. | N/A | N/A | |
| 2021-09-23 | CVE-2021-29812 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204330. | N/A | N/A |