• git://
#Vulnerabilities 4342
Date Id Summary Products Score Patch Annotated
2018-03-09 CVE-2018-1071 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Zsh 5.5
2020-11-04 CVE-2020-8037 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Debian_linux, Tcpdump 7.5
2020-09-09 CVE-2020-25219 url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. Debian_linux, Libproxy 7.5
2020-09-04 CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Inventory_collect_tool, Manageability_software_development_kit, Snapdrive, Leap, Libxml2 6.5
2018-12-02 CVE-2018-19787 An issue was discovered in lxml before 4.2.5. lxml/html/ in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. Ubuntu_linux, Debian_linux, Lxml 6.1
2020-06-11 CVE-2020-0198 In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 Debian_linux, Android 7.5
2020-11-10 CVE-2020-25074 The cache action in action/ in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. Debian_linux, Moinmoin 9.8
2020-11-18 CVE-2020-28367 Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Debian_linux, Fedora, Go 7.5
2019-08-20 CVE-2019-10086 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. Commons_beanutils, Debian_linux 7.3
2015-04-01 CVE-2015-2808 The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. Ubuntu_linux, Debian_linux, Sparc_enterprise_m3000_firmware, Sparc_enterprise_m4000_firmware, Sparc_enterprise_m5000_firmware, Sparc_enterprise_m8000_firmware, Sparc_enterprise_m9000_firmware, 9700_firmware, E6000_firmware, E9000_firmware, Oceanstor_18500_firmware, Oceanstor_18800_firmware, Oceanstor_18800f_firmware, Oceanstor_9000_firmware, Oceanstor_cse_firmware, Oceanstor_hvs85t_firmware, Oceanstor_replicationdirector, Oceanstor_s2600t_firmware, Oceanstor_s5500t_firmware, Oceanstor_s5600t_firmware, Oceanstor_s5800t_firmware, Oceanstor_s6800t_firmware, Oceanstor_vis6600t_firmware, Policy_center, Quidway_s9300_firmware, S12700_firmware, S2700_firmware, S2750_firmware, S3700_firmware, S5700ei_firmware, S5700hi_firmware, S5700li_firmware, S5700s\-Li_firmware, S5700si_firmware, S5710ei_firmware, S5710hi_firmware, S5720ei_firmware, S5720hi_firmware, S6700_firmware, S7700_firmware, Smc2\.0, Te60_firmware, Ultravr, Cognos_metrics_manager, Opensuse, Communications_application_session_controller, Communications_policy_management, Http_server, Integrated_lights_out_manager_firmware, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager N/A