Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3681 :
Remaining NVD entries (unprocessed / no code available): ~243500 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-04-16 | CVE-2010-1155 | Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. | Irssi | N/A | ||
| 2010-11-17 | CVE-2010-3978 | Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. | Spree | N/A | ||
| 2010-10-07 | CVE-2010-3697 | The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests. | Freeradius | N/A | ||
| 2010-10-07 | CVE-2010-3696 | The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information. | Freeradius | N/A | ||
| 2011-04-26 | CVE-2010-3260 | oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue. | Forms | N/A | ||
| 2010-12-06 | CVE-2010-4254 | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | Mono, Moonlight | N/A | ||
| 2012-06-21 | CVE-2010-4250 | Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files. | Linux_kernel | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-05-02 | CVE-2024-33911 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4. | N/A | N/A | |
| 2024-05-02 | CVE-2024-33913 | Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.This issue affects Xserver Migrator: from n/a through 1.6.1. | N/A | N/A | |
| 2024-05-02 | CVE-2024-33922 | Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2. | N/A | N/A | |
| 2024-05-02 | CVE-2024-33930 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97. | N/A | N/A | |
| 2024-05-02 | CVE-2024-3005 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | N/A | N/A | |
| 2024-05-02 | CVE-2024-32638 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue. | N/A | N/A | |
| 2024-05-02 | CVE-2024-3955 | URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7). | N/A | N/A |