Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2013-08-14 CVE-2013-2126 Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. Ubuntu_linux, Libraw, Opensuse N/A
2014-05-27 CVE-2013-2124 Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Libguestfs N/A
2013-05-14 CVE-2013-2094 The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. Linux_kernel N/A
2013-11-18 CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. Opensuse, Openvpn, Openvpn_access_server N/A
2013-11-04 CVE-2013-2058 The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter. Linux_kernel N/A
2013-08-28 CVE-2013-2035 Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. Hawtjni N/A
2014-04-25 CVE-2013-2025 Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ushahidi_platform N/A
Remaining NVD entries (unprocessed / no code available): ~268105 :
Date Id Summary Products Score Patch
2024-11-29 CVE-2024-35366 FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. N/A N/A
2024-11-29 CVE-2024-35367 FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer N/A N/A
2024-11-29 CVE-2024-35368 FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. N/A N/A
2024-11-29 CVE-2024-35371 Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions. N/A N/A
2024-11-29 CVE-2024-36610 A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. N/A N/A
2024-11-29 CVE-2024-36612 Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. N/A N/A
2024-11-29 CVE-2024-53504 A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. N/A N/A