Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~264234 :
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-03-01 | CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | Mac_os_x, Python | N/A | ||
2014-04-07 | CVE-2014-0160 | Heartbleed - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | Symantec_messaging_gateway, Ubuntu_linux, Debian_linux, Fedora, Filezilla_server, V100_firmware, V60_firmware, Micollab, Mivoice, Openssl, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage, Storage, Virtualization, S9922l_firmware, Application_processing_engine_firmware, Cp_1543\-1_firmware, Elan\-8\.2, Simatic_s7\-1500_firmware, Simatic_s7\-1500t_firmware, Wincc_open_architecture, Splunk | 7.5 | ||
2021-09-08 | CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | Haproxy, Haproxy_docker_image | 7.5 | ||
2016-06-08 | CVE-2016-5108 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | Debian_linux, Vlc_media_player | 9.8 | ||
2017-06-01 | CVE-2017-8386 | git-shell did not correctly validate the given project path, allowing an argument injection which leads to arbitrary file reads and in some configurations command execution. | Ubuntu_linux, Debian_linux, Fedora, Git\-Shell, Leap | 8.8 | ||
2018-04-06 | CVE-2018-1000156 | GNU patch is processd by ed. This allows arbitrary command executions through a line beginning with ! | Ubuntu_linux, Debian_linux, Patch, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
2018-06-08 | CVE-2018-4222 | There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux | 8.8 |
Date | Id | Summary | Products | Score | Patch |
---|---|---|---|---|---|
2024-03-22 | CVE-2024-28861 | Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue. | N/A | N/A | |
2024-03-22 | CVE-2024-29042 | Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can... | N/A | N/A | |
2024-03-22 | CVE-2024-29184 | FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their... | N/A | N/A | |
2024-03-22 | CVE-2024-29185 | FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the... | N/A | N/A | |
2024-03-22 | CVE-2024-29186 | Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in... | N/A | N/A | |
2024-03-22 | CVE-2024-2821 | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | N/A | N/A | |
2024-03-22 | CVE-2024-2820 | A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | N/A | N/A |