Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~266750 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-06-13 | CVE-2011-2208 | Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. | Linux_kernel | N/A | ||
| 2011-06-22 | CVE-2011-2206 | XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757. | Djabberd | N/A | ||
| 2012-06-13 | CVE-2011-2183 | Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. | Linux_kernel | N/A | ||
| 2012-06-13 | CVE-2011-2182 | The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017. | Linux_kernel | N/A | ||
| 2011-05-20 | CVE-2011-2161 | The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames. | Ffmpeg | N/A | ||
| 2011-05-31 | CVE-2011-1937 | Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. | Webmin | N/A | ||
| 2012-06-13 | CVE-2011-1927 | The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets. | Linux_kernel | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-11-20 | CVE-2024-52757 | D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. | N/A | N/A | |
| 2024-11-20 | CVE-2024-45510 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox... | N/A | N/A | |
| 2024-11-20 | CVE-2024-48981 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial parsing function, hciTrSerialRxIncoming does not drop packets with invalid identifiers but also does not set a safe default for the length of unknown packets' headers, leading to a buffer overflow. This can be leveraged into an arbitrary write... | N/A | N/A | |
| 2024-11-20 | CVE-2024-48983 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier plus the header length. WsfMsgAlloc then increments this again by sizeof(wsfMsg_t). This may cause an integer overflow that results in the buffer being significantly too... | N/A | N/A | |
| 2024-11-20 | CVE-2024-48985 | An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier and the header length. If the allocate fails because the specified packet is too large, no exception handling occurs and hciTrSerialRxIncoming continues to write bytes... | N/A | N/A | |
| 2024-11-20 | CVE-2024-52754 | D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. | N/A | N/A | |
| 2024-11-20 | CVE-2024-33439 | An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. | N/A | N/A |