Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3681 :
Remaining NVD entries (unprocessed / no code available): ~246595 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-04-13 | CVE-2011-0990 | Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. | Mono, Moonlight | N/A | ||
| 2011-04-13 | CVE-2011-0989 | The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. | Mono, Moonlight | N/A | ||
| 2011-05-31 | CVE-2011-0766 | The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. | Crypto, Erlang\/otp, Ssh | N/A | ||
| 2012-06-21 | CVE-2011-0716 | The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface. | Linux_kernel | N/A | ||
| 2011-02-22 | CVE-2011-0530 | Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression. | Nbd | N/A | ||
| 2017-08-17 | CVE-2011-0469 | Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | Opensuse | 9.8 | ||
| 2012-06-21 | CVE-2011-0006 | The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM. | Linux_kernel | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-05-18 | CVE-2024-4865 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | N/A | 6.4 | |
| 2024-05-18 | CVE-2024-23554 | Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE). | N/A | N/A | |
| 2024-05-18 | CVE-2024-23556 | SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability. | N/A | N/A | |
| 2024-05-18 | CVE-2024-4264 | A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the... | N/A | N/A | |
| 2024-05-17 | CVE-2024-23583 | An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. | N/A | N/A | |
| 2024-05-17 | CVE-2024-25742 | In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES. | N/A | N/A | |
| 2024-05-17 | CVE-2024-35312 | In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003. | N/A | N/A |