Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~295093 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-05-24 | CVE-2011-3359 | The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame. | Linux_kernel | 7.5 | ||
| 2011-09-21 | CVE-2011-3358 | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library. | Mantisbt | N/A | ||
| 2011-09-21 | CVE-2011-3357 | Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. | Mantisbt | N/A | ||
| 2011-09-21 | CVE-2011-3356 | Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php. | Mantisbt | N/A | ||
| 2012-05-24 | CVE-2011-3353 | Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. | Linux_kernel | 5.5 | ||
| 2014-04-01 | CVE-2011-3346 | Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. | Qemu, Enterprise_linux, Xen | N/A | ||
| 2011-09-16 | CVE-2011-3211 | The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. | Bcfg2 | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-07-07 | CVE-2025-7110 | A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | N/A | 3.5 | |
| 2025-07-07 | CVE-2025-7145 | ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrative access to the remote host. | N/A | 7.2 | |
| 2025-07-07 | CVE-2025-7109 | A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument BenefĂcio leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not... | N/A | 3.5 | |
| 2025-07-07 | CVE-2025-7108 | A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/src/main/java/net/risesoft/y9public/controller/Y9FileController.java. The manipulation of the argument fullPath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public... | N/A | 5.4 | |
| 2025-07-07 | CVE-2024-58117 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function. | N/A | N/A | |
| 2025-07-07 | CVE-2025-53167 | Authentication vulnerability in the distributed collaboration framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | N/A | N/A | |
| 2025-07-07 | CVE-2025-53168 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness. | N/A | N/A |