Note:
This project will be discontinued after December 13, 2021.
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~265787 :
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
2018-04-06 | CVE-2018-1000156 | GNU patch is processed by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either through parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
Date | Id | Summary | Products | Score | Patch |
---|---|---|---|---|---|
2022-12-12 | CVE-2022-3509 | A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | Protobuf\-Java, Protobuf\-Javalite | 7.5 | |
2022-12-12 | CVE-2021-3821 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | Futuresmart_5 | 9.8 | |
2022-12-12 | CVE-2022-43780 | Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. | M2u75a_firmware, M2u76a_firmware, M2u77a_firmware, M2u81a_firmware, M2u81b_firmware, M2u82a_firmware, M2u82b_firmware, M2u84a_firmware, M2u84b_firmware, M2u85a_firmware, M2u85b_firmware, M2u86a_firmware, M2u86b_firmware, M2u86c_firmware, M2u87a_firmware, M2u87b_firmware, M2u88b_firmware, M2u89b_firmware, M2u91a_firmware, M2u91b_firmware, M2u92a_firmware, M2u92b_firmware, M2u94a_firmware, M2u94b_firmware, Z4a54a_firmware, Z4a59a_firmware, Z4a60a_firmware, Z4a61a_firmware, Z4a61b_firmware, Z4a69a_firmware, Z4a70a_firmware, Z4a71a_firmware, Z4a73a_firmware, Z4a74a_firmware, Z4b12a_firmware, Z4b13a_firmware, Z4b14a_firmware, Z4b18a_firmware, Z4b27a_firmware, Z4b28a_firmware, Z4b29a_firmware | 7.5 | |
2022-12-12 | CVE-2022-44654 | Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is compiled without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security. | Apex_one | 7.5 | |
2022-12-12 | CVE-2022-2794 | Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. | Pagewide_352dw_j6u57a_firmware, Pagewide_377dw_j9v80a_firmware, Pagewide_managed_p55250dw_j6u51b_firmware, Pagewide_managed_p55250dw_j6u55a_firmware, Pagewide_managed_p55250dw_j6u55b_firmware, Pagewide_managed_p57750dw_j9v82a_firmware, Pagewide_pro_452dn_d3q15a_firmware, Pagewide_pro_452dw_d3q16a_firmware, Pagewide_pro_477dn_d3q19a_firmware, Pagewide_pro_477dw_d3q20a_firmware, Pagewide_pro_552dw_d3q17a_firmware, Pagewide_pro_577dw_d3q21a_firmware, Pagewide_pro_577z_k9z76a_firmware | 7.5 | |
2022-12-12 | CVE-2022-3485 | In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device. | Moneo_qha200_firmware, Moneo_qha210_firmware | 9.8 | |
2022-12-12 | CVE-2022-20968 | A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause... | Ip_phone_7811_firmware, Ip_phone_7821_firmware, Ip_phone_7832_firmware, Ip_phone_7841_firmware, Ip_phone_7861_firmware, Ip_phone_8811_firmware, Ip_phone_8831_firmware, Ip_phone_8832_firmware, Ip_phone_8841_firmware, Ip_phone_8845_firmware, Ip_phone_8851_firmware, Ip_phone_8861_firmware, Ip_phone_8865_firmware | 8.8 |