Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3681 :
Remaining NVD entries (unprocessed / no code available): ~259553 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
| 2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
| 2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
| 2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
| 2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
| 2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2023-11-16 | CVE-2023-43757 | Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | Lan\-W300n\/p_firmware, Lan\-W300n\/rs_firmware, Lan\-W301nr_firmware, Lan\-Wh300n\/dgp_firmware, Lan\-Wh300ndgpe_firmware, Wrc\-1167ghbk2_firmware, Wrc\-1167ghbk_firmware, Wrc\-1750ghbk2\-I_firmware, Wrc\-1750ghbk\-E_firmware, Wrc\-1750ghbk_firmware, Wrc\-2533ghbk2\-T_firmware, Wrc\-2533ghbk\-I_firmware, Wrc\-300febk_firmware, Wrc\-300ghbk2\-I_firmware, Wrc\-300ghbk_firmware, Wrc\-733febk_firmware, Wrc\-733ghbk\-C_firmware, Wrc\-733ghbk\-I_firmware, Wrc\-733ghbk_firmware, Wrc\-F1167acf_firmware, Wrc\-F300nf_firmware, Wrh\-150bk_firmware, Wrh\-150wh_firmware, Wrh\-300bk2\-S_firmware, Wrh\-300bk\-S_firmware, Wrh\-300bk_firmware, Wrh\-300rd_firmware, Wrh\-300sv_firmware, Wrh\-300wh2\-S_firmware, Wrh\-300wh\-H_firmware, Wrh\-300wh\-S_firmware, Wrh\-300wh_firmware, Wrh\-H300bk_firmware, Wrh\-H300wh_firmware | 6.5 | |
| 2023-11-16 | CVE-2023-43752 | OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | Wrc\-X3000gs2\-B_firmware, Wrc\-X3000gs2\-W_firmware, Wrc\-X3000gs2a\-B_firmware | 8.0 | |
| 2023-11-16 | CVE-2023-47335 | Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | Evo_nano_drone_firmware | 6.5 | |
| 2023-11-16 | CVE-2023-43275 | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | Dedecms | 8.8 | |
| 2023-11-16 | CVE-2023-47003 | An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | Redisgraph | 9.8 | |
| 2023-11-16 | CVE-2021-35437 | SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class. | Lmxcms | 9.8 | |
| 2023-11-16 | CVE-2023-47471 | Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. | Libde265 | 6.5 |