Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2013-01-03 CVE-2012-5665 ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. Owncloud N/A
2014-04-04 CVE-2012-5648 Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. Foreman N/A
2013-02-24 CVE-2012-5647 Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO. Openshift, Openshift_origin N/A
2013-02-24 CVE-2012-5646 node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. Openshift, Openshift_origin N/A
2012-12-31 CVE-2012-5642 server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content. Fail2ban N/A
2014-03-18 CVE-2012-5641 Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. Couchdb, Mochiweb N/A
2012-12-26 CVE-2012-5625 OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). Folsom, Grizzly N/A
Remaining NVD entries (unprocessed / no code available): ~296711 :
Date Id Summary Products Score Patch
2025-07-12 CVE-2025-24294 The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the... N/A N/A
2025-07-12 CVE-2023-38036 A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution. N/A N/A
2025-07-12 CVE-2023-39338 Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access. N/A N/A
2025-07-12 CVE-2023-39339 A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request. N/A N/A
2025-07-12 CVE-2024-38648 A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials. N/A N/A
2025-07-12 CVE-2025-53871 Rejected reason: Not used N/A N/A
2025-07-12 CVE-2025-53872 Rejected reason: Not used N/A N/A