Main entries ~3681 :
Date Id Summary Products Score Patch Annotated
2009-10-29 CVE-2009-3627 The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. Html\-Parser N/A
2009-09-22 CVE-2009-3287 lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header. Thin N/A
2009-09-09 CVE-2009-3111 The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. Freeradius N/A
2009-05-11 CVE-2009-1194 Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. Pango N/A
2016-05-02 CVE-2008-7316 mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. Linux_kernel 5.5
2009-08-24 CVE-2008-7050 The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. Wowraidmanager N/A
2008-12-17 CVE-2008-5619 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. Webmail N/A
Remaining NVD entries (unprocessed / no code available): ~261576 :
Date Id Summary Products Score Patch
2024-10-15 CVE-2024-45271 An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. N/A 8.4
2024-10-15 CVE-2024-45272 An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. N/A 7.5
2024-10-15 CVE-2024-45273 An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. N/A 8.4
2024-10-15 CVE-2024-45274 An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. N/A 9.8
2024-10-15 CVE-2024-45275 The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. N/A N/A
2024-10-15 CVE-2024-45276 An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication. N/A 7.5
2024-10-15 CVE-2024-47674 In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will... N/A N/A