Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2014-03-01 CVE-2014-1912 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Mac_os_x, Python N/A
2014-04-07 CVE-2014-0160 Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk 7.5
2021-09-08 CVE-2021-40346 An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. Haproxy, Haproxy_docker_image 7.5
2016-06-08 CVE-2016-5108 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. Debian_linux, Vlc_media_player 9.8
2017-06-01 CVE-2017-8386 git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap 8.8
2018-04-06 CVE-2018-1000156 GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.8
2018-06-08 CVE-2018-4222 There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux 8.8
Remaining NVD entries (unprocessed / no code available): ~265375 :
Date Id Summary Products Score Patch
2024-02-13 CVE-2023-6516 To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the... Bind, Active_iq_unified_manager 7.5
2024-02-13 CVE-2023-5680 If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. Bind, Active_iq_unified_manager 5.3
2024-02-13 CVE-2023-4408 The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1... Fedora, Bind, Ontap 7.5
2024-02-13 CVE-2024-24782 An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. F30_03x_yy_\(Com\)_firmware, F30_03x_yy_\(Cpu\)_firmware, F35_03x_yy_\(Com\)_firmware, F35_03x_yy_\(Cpu\)_firmware, F60_cpu_03x_yy_\(Com\)_firmware, F60_cpu_03x_yy_\(Cpu\)_firmware, F\-Com_01_firmware, F\-Cpu_01_firmware, X\-Com_01_e_yy_firmware, X\-Com_01_yy_firmware, X\-Cpu_01_firmware, X\-Cpu_31_firmware, X\-Sb_01_firmware 4.3
2024-02-13 CVE-2024-24781 An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.  F30_03x_yy_\(Com\)_firmware, F30_03x_yy_\(Cpu\)_firmware, F35_03x_yy_\(Com\)_firmware, F35_03x_yy_\(Cpu\)_firmware, F60_cpu_03x_yy_\(Com\)_firmware, F60_cpu_03x_yy_\(Cpu\)_firmware, F\-Com_01_firmware, F\-Cpu_01_firmware, X\-Com_01_e_yy_firmware, X\-Com_01_yy_firmware, X\-Cpu_01_firmware, X\-Cpu_31_firmware, X\-Sb_01_firmware 7.5
2024-02-13 CVE-2024-1309 Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. N/A N/A
2024-02-13 CVE-2024-0707 Rejected reason: **REJECT** Not a valid vulnerability. N/A N/A