Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-6q5r-8qc5-j49x | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows … | 2022-05-13T01:17:05Z | 2025-11-05T00:31:12Z |
| ghsa-php4-mj74-f79r | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRock… | 2022-05-13T01:17:09Z | 2025-10-22T00:31:13Z |
| ghsa-69xw-2hhx-gvfg | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect… | 2022-05-13T01:17:14Z | 2025-10-22T00:31:11Z |
| ghsa-4w6g-87mh-x63x | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could … | 2022-05-13T01:17:28Z | 2025-10-22T00:31:30Z |
| ghsa-7f45-f5vf-rrpw | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco I… | 2022-05-13T01:17:28Z | 2025-10-22T00:31:30Z |
| ghsa-qmg7-32mc-92p9 | A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Cat… | 2022-05-13T01:17:28Z | 2025-10-22T00:31:30Z |
| ghsa-2ccw-7gjg-m467 | A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to r… | 2022-05-13T01:17:29Z | 2025-10-22T00:31:30Z |
| ghsa-4gvr-xfhg-jc8f | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 an… | 2022-05-13T01:17:37Z | 2025-10-22T00:31:36Z |
| ghsa-h2mj-pqgp-xmmj | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an … | 2022-05-13T01:17:37Z | 2025-10-22T00:31:35Z |
| ghsa-p86w-qv2x-rf6j | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have a… | 2022-05-13T01:17:38Z | 2025-10-22T00:31:35Z |
| ghsa-7cc9-8vjg-gpp8 | Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Upda… | 2022-05-13T01:17:39Z | 2025-10-22T00:31:21Z |
| ghsa-25w3-v3vx-g29w | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could … | 2022-05-13T01:17:43Z | 2025-10-22T00:31:30Z |
| ghsa-j7mw-7crr-658v | Richfaces vulnerable to arbitrary code execution | 2022-05-13T01:17:53Z | 2025-10-22T17:36:28Z |
| ghsa-4prc-qxrc-76p6 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microso… | 2022-05-13T01:18:28Z | 2025-10-22T00:31:30Z |
| ghsa-x323-9hmm-gv8q | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microso… | 2022-05-13T01:18:29Z | 2025-10-22T00:31:29Z |
| ghsa-jjm4-89hr-gf27 | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote atta… | 2022-05-13T01:19:25Z | 2025-10-22T00:31:36Z |
| ghsa-wg2v-fx2j-3jrr | The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before… | 2022-05-13T01:19:46Z | 2025-10-22T00:31:36Z |
| ghsa-3rj8-qvqp-3335 | Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability… | 2022-05-13T01:20:18Z | 2025-10-22T00:31:36Z |
| ghsa-cw7c-4r65-xf9h | Integer overflow in computing the required allocation size when instantiating a new javascript obje… | 2022-05-13T01:20:24Z | 2025-10-22T00:31:36Z |
| ghsa-5cv8-848m-hmm2 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in… | 2022-05-13T01:20:41Z | 2025-10-22T00:31:35Z |
| ghsa-wgw2-wwq8-c7wf | ChakraCore RCE Vulnerability | 2022-05-13T01:20:46Z | 2025-10-22T17:37:09Z |
| ghsa-9qm8-3m9q-ghgq | A remote code execution vulnerability exists in the way that the scripting engine handles objects i… | 2022-05-13T01:20:49Z | 2025-10-22T00:31:36Z |
| ghsa-3vmp-cf5x-w457 | An elevation of privilege vulnerability exists when Windows improperly handles authentication reque… | 2022-05-13T01:21:15Z | 2025-10-22T00:31:37Z |
| ghsa-49rq-p3m9-2cqc | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in… | 2022-05-13T01:21:29Z | 2025-10-22T00:31:37Z |
| ghsa-4363-m599-g24f | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certa… | 2022-05-13T01:21:30Z | 2025-10-22T00:31:37Z |
| ghsa-x6vm-vfwq-m3w7 | A remote code execution vulnerability exists in the way that the scripting engine handles objects i… | 2022-05-13T01:21:31Z | 2025-10-22T00:31:38Z |
| ghsa-74qg-858w-vpcj | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to proper… | 2022-05-13T01:21:35Z | 2025-10-22T00:31:37Z |
| ghsa-6h99-5j8v-7r3p | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to proper… | 2022-05-13T01:21:36Z | 2025-10-22T00:31:38Z |
| ghsa-8wc3-99q7-2qvc | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to proper… | 2022-05-13T01:21:36Z | 2025-10-22T00:31:37Z |
| ghsa-wqq2-j7vf-7rw9 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) impro… | 2022-05-13T01:21:38Z | 2025-10-22T00:31:38Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2015-2291 | N/A | (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys … | n/a | n/a | 2017-08-09T18:00:00.000Z | 2025-10-21T23:55:35.705Z |
| cve-2017-6327 | N/A | The Symantec Messaging Gateway before 10.6.3-267 … | Symantec Corporation | Messaging Gateway | 2017-08-11T20:00:00.000Z | 2025-10-21T23:55:35.541Z |
| cve-2017-11317 | N/A | Telerik.Web.UI in Progress Telerik UI for ASP.NET… | n/a | n/a | 2017-08-23T17:00:00.000Z | 2025-10-21T23:55:35.342Z |
| cve-2017-11357 | N/A | Progress Telerik UI for ASP.NET AJAX before R2 20… | n/a | n/a | 2017-08-23T17:00:00.000Z | 2025-10-21T23:55:35.158Z |
| cve-2015-1325 | N/A | Race condition in Apport before 2.17.2-0ubuntu1.1… | n/a | n/a | 2017-08-25T18:00:00.000Z | 2025-11-03T19:25:16.928Z |
| cve-2015-3976 | 6.8 (v2.0) | GE Multilink Cross-site Scripting | GE | Multilink ML800/1200/1600/2400 | 2017-08-28T15:00:00 | 2025-11-04T23:33:49.742Z |
| cve-2017-6627 | N/A | A vulnerability in the UDP processing code of Cis… | n/a | Cisco IOS and Cisco IOS XE | 2017-09-07T21:00:00.000Z | 2025-10-21T23:55:34.940Z |
| cve-2017-14227 | N/A | In MongoDB libbson 1.7.0, the bson_iter_codewscop… | n/a | n/a | 2017-09-09T08:00:00.000Z | 2025-11-03T19:25:19.804Z |
| cve-2017-8759 | N/A | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, … | Microsoft Corporation | Microsoft .NET Framework | 2017-09-13T01:00:00.000Z | 2025-10-21T23:55:34.790Z |
| cve-2017-9805 | N/A | The REST Plugin in Apache Struts 2.1.1 through 2.… | Apache Software Foundation | Apache Struts | 2017-09-15T19:00:00.000Z | 2025-10-21T23:55:34.589Z |
| cve-2017-9798 | N/A | Apache httpd allows remote attackers to read secr… | Apache Software Foundation | Apache HTTP Server | 2017-09-18T15:00:00.000Z | 2025-11-04T16:09:11.219Z |
| cve-2017-12615 | N/A | When running Apache Tomcat 7.0.0 to 7.0.79 on Win… | Apache Software Foundation | Apache Tomcat | 2017-09-19T13:00:00.000Z | 2025-10-21T23:55:34.335Z |
| cve-2015-1187 | N/A | The ping tool in multiple D-Link and TRENDnet dev… | n/a | n/a | 2017-09-21T16:00:00.000Z | 2025-10-21T23:55:34.177Z |
| cve-2017-12231 | N/A | A vulnerability in the implementation of Network … | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:34.025Z |
| cve-2017-12232 | N/A | A vulnerability in the implementation of a protoc… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.696Z |
| cve-2017-12233 | N/A | Multiple vulnerabilities in the implementation of… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.512Z |
| cve-2017-12234 | N/A | Multiple vulnerabilities in the implementation of… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.317Z |
| cve-2017-12235 | N/A | A vulnerability in the implementation of the PROF… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.076Z |
| cve-2017-12237 | N/A | A vulnerability in the Internet Key Exchange Vers… | n/a | Cisco IOS and IOS XE | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.904Z |
| cve-2017-12238 | N/A | A vulnerability in the Virtual Private LAN Servic… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.747Z |
| cve-2017-12240 | N/A | The DHCP relay subsystem of Cisco IOS 12.2 throug… | n/a | Cisco IOS and IOS XE | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.580Z |
| cve-2017-12617 | N/A | When running Apache Tomcat versions 9.0.0.M1 to 9… | Apache Software Foundation | Apache Tomcat | 2017-10-03T15:00:00.000Z | 2025-10-21T23:55:32.381Z |
| cve-2017-1000253 | N/A | Linux distributions that have not patched their l… | n/a | n/a | 2017-10-04T01:00:00.000Z | 2025-10-21T23:55:32.192Z |
| cve-2017-12149 | N/A | In Jboss Application Server as shipped with Red H… | Red Hat, Inc. | jbossas | 2017-10-04T20:00:00.000Z | 2025-10-21T23:55:31.822Z |
| cve-2017-11774 | N/A | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and … | Microsoft Corporation | Microsoft Outlook | 2017-10-13T13:00:00.000Z | 2025-10-21T23:55:31.465Z |
| cve-2017-11826 | N/A | Microsoft Office 2010, SharePoint Enterprise Serv… | Microsoft Corporation | Microsoft Office | 2017-10-13T13:00:00.000Z | 2025-10-21T23:55:31.281Z |
| cve-2017-10271 | N/A | Vulnerability in the Oracle WebLogic Server compo… | Oracle Corporation | WebLogic Server | 2017-10-19T17:00:00.000Z | 2025-10-21T23:55:31.111Z |
| cve-2017-11292 | N/A | Adobe Flash Player version 27.0.0.159 and earlier… | n/a | Adobe Flash Player version 27.0.0.159 and earlier | 2017-10-21T05:00:00.000Z | 2025-10-21T23:55:30.944Z |
| cve-2017-5070 | N/A | Type confusion in V8 in Google Chrome prior to 59… | n/a | Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android | 2017-10-27T05:00:00.000Z | 2025-10-21T23:55:30.609Z |
| cve-2017-16651 | N/A | Roundcube Webmail before 1.1.10, 1.2.x before 1.2… | n/a | n/a | 2017-11-09T14:00:00.000Z | 2025-10-21T23:55:30.379Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2017-6316 | N/A | Citrix NetScaler SD-WAN devices through v9.1.2.26… | n/a | n/a | 2017-07-20T04:00:00.000Z | 2025-10-21T23:55:36.360Z |
| cve-2017-9822 | N/A | DNN (aka DotNetNuke) before 9.1.1 has Remote Code… | DotNetNuke | DotNetNuke CMS Fixed in 9.1.1 | 2017-07-20T12:00:00.000Z | 2025-10-21T23:55:36.233Z |
| cve-2017-6663 | N/A | A vulnerability in the Autonomic Networking featu… | n/a | Cisco IOS and IOS XE | 2017-08-07T06:00:00.000Z | 2025-10-21T23:55:36.078Z |
| cve-2017-12637 | N/A | Directory traversal vulnerability in scheduler/ui… | n/a | n/a | 2017-08-07T20:00:00.000Z | 2025-10-21T23:55:35.932Z |
| cve-2015-2291 | N/A | (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys … | n/a | n/a | 2017-08-09T18:00:00.000Z | 2025-10-21T23:55:35.705Z |
| cve-2017-6327 | N/A | The Symantec Messaging Gateway before 10.6.3-267 … | Symantec Corporation | Messaging Gateway | 2017-08-11T20:00:00.000Z | 2025-10-21T23:55:35.541Z |
| cve-2017-11317 | N/A | Telerik.Web.UI in Progress Telerik UI for ASP.NET… | n/a | n/a | 2017-08-23T17:00:00.000Z | 2025-10-21T23:55:35.342Z |
| cve-2017-11357 | N/A | Progress Telerik UI for ASP.NET AJAX before R2 20… | n/a | n/a | 2017-08-23T17:00:00.000Z | 2025-10-21T23:55:35.158Z |
| cve-2015-1325 | N/A | Race condition in Apport before 2.17.2-0ubuntu1.1… | n/a | n/a | 2017-08-25T18:00:00.000Z | 2025-11-03T19:25:16.928Z |
| cve-2015-3976 | 6.8 (v2.0) | GE Multilink Cross-site Scripting | GE | Multilink ML800/1200/1600/2400 | 2017-08-28T15:00:00 | 2025-11-04T23:33:49.742Z |
| cve-2017-6627 | N/A | A vulnerability in the UDP processing code of Cis… | n/a | Cisco IOS and Cisco IOS XE | 2017-09-07T21:00:00.000Z | 2025-10-21T23:55:34.940Z |
| cve-2017-14227 | N/A | In MongoDB libbson 1.7.0, the bson_iter_codewscop… | n/a | n/a | 2017-09-09T08:00:00.000Z | 2025-11-03T19:25:19.804Z |
| cve-2017-8759 | N/A | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, … | Microsoft Corporation | Microsoft .NET Framework | 2017-09-13T01:00:00.000Z | 2025-10-21T23:55:34.790Z |
| cve-2017-9805 | N/A | The REST Plugin in Apache Struts 2.1.1 through 2.… | Apache Software Foundation | Apache Struts | 2017-09-15T19:00:00.000Z | 2025-10-21T23:55:34.589Z |
| cve-2017-9798 | N/A | Apache httpd allows remote attackers to read secr… | Apache Software Foundation | Apache HTTP Server | 2017-09-18T15:00:00.000Z | 2025-11-04T16:09:11.219Z |
| cve-2017-12615 | N/A | When running Apache Tomcat 7.0.0 to 7.0.79 on Win… | Apache Software Foundation | Apache Tomcat | 2017-09-19T13:00:00.000Z | 2025-10-21T23:55:34.335Z |
| cve-2015-1187 | N/A | The ping tool in multiple D-Link and TRENDnet dev… | n/a | n/a | 2017-09-21T16:00:00.000Z | 2025-10-21T23:55:34.177Z |
| cve-2017-12231 | N/A | A vulnerability in the implementation of Network … | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:34.025Z |
| cve-2017-12232 | N/A | A vulnerability in the implementation of a protoc… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.696Z |
| cve-2017-12233 | N/A | Multiple vulnerabilities in the implementation of… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.512Z |
| cve-2017-12234 | N/A | Multiple vulnerabilities in the implementation of… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.317Z |
| cve-2017-12235 | N/A | A vulnerability in the implementation of the PROF… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.076Z |
| cve-2017-12237 | N/A | A vulnerability in the Internet Key Exchange Vers… | n/a | Cisco IOS and IOS XE | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.904Z |
| cve-2017-12238 | N/A | A vulnerability in the Virtual Private LAN Servic… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.747Z |
| cve-2017-12240 | N/A | The DHCP relay subsystem of Cisco IOS 12.2 throug… | n/a | Cisco IOS and IOS XE | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.580Z |
| cve-2017-12617 | N/A | When running Apache Tomcat versions 9.0.0.M1 to 9… | Apache Software Foundation | Apache Tomcat | 2017-10-03T15:00:00.000Z | 2025-10-21T23:55:32.381Z |
| cve-2017-12149 | N/A | In Jboss Application Server as shipped with Red H… | Red Hat, Inc. | jbossas | 2017-10-04T20:00:00.000Z | 2025-10-21T23:55:31.822Z |
| cve-2017-1000253 | N/A | Linux distributions that have not patched their l… | n/a | n/a | 2017-10-04T01:00:00.000Z | 2025-10-21T23:55:32.192Z |
| cve-2017-11774 | N/A | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and … | Microsoft Corporation | Microsoft Outlook | 2017-10-13T13:00:00.000Z | 2025-10-21T23:55:31.465Z |
| cve-2017-11826 | N/A | Microsoft Office 2010, SharePoint Enterprise Serv… | Microsoft Corporation | Microsoft Office | 2017-10-13T13:00:00.000Z | 2025-10-21T23:55:31.281Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2024-10875 | Malicious code in vite-plugin-unus-api-register (npm) | 2024-11-21T20:24:52Z | 2024-12-20T00:33:13Z |
| mal-2024-10880 | Malicious code in maven-dependency-submission-action (npm) | 2024-11-22T22:52:14Z | 2024-12-20T00:33:12Z |
| mal-2024-10881 | Malicious code in security-alert-watcher (npm) | 2024-11-22T23:15:54Z | 2024-12-20T00:33:13Z |
| mal-2024-10882 | Malicious code in codeql-sarif-security-standard-annotator (npm) | 2024-11-22T23:43:18Z | 2024-12-20T00:33:12Z |
| mal-2024-10884 | Malicious code in ens-app-v2 (npm) | 2024-11-23T00:25:36Z | 2024-12-20T00:33:12Z |
| mal-2024-10883 | Malicious code in codeql-extractor-iac-action (npm) | 2024-11-23T00:37:12Z | 2024-12-20T00:33:12Z |
| mal-2024-10891 | Malicious code in graph-studio-billing-contracts (npm) | 2024-11-23T01:54:55Z | 2024-12-20T00:33:12Z |
| mal-2024-10892 | Malicious code in hackbron (npm) | 2024-11-23T07:12:41Z | 2024-12-18T00:34:37Z |
| mal-2024-10893 | Malicious code in kiosk-cli (npm) | 2024-11-23T13:49:34Z | 2024-12-20T00:33:12Z |
| mal-2024-10897 | Malicious code in nylas-private-sounds (npm) | 2024-11-24T18:30:53Z | 2024-12-20T00:33:12Z |
| mal-2024-10896 | Malicious code in nylas-private-fonts (npm) | 2024-11-24T18:37:11Z | 2024-12-20T00:33:12Z |
| mal-2024-10898 | Malicious code in canvaskit-local (npm) | 2024-11-24T20:11:04Z | 2024-12-13T00:36:12Z |
| mal-2024-10942 | Malicious code in rootkitfix (npm) | 2024-11-25T01:03:01Z | 2024-12-09T14:39:22Z |
| mal-2024-10943 | Malicious code in solarafix (npm) | 2024-11-25T01:03:01Z | 2024-12-09T14:39:22Z |
| mal-2024-10933 | Malicious code in fixsolara (npm) | 2024-11-25T01:03:02Z | 2024-12-09T14:39:21Z |
| mal-2024-10899 | Malicious code in cloud-functions-schedule-instance (npm) | 2024-11-25T17:50:59Z | 2024-12-13T00:36:12Z |
| mal-2024-10900 | Malicious code in rc-network (npm) | 2024-11-25T18:20:45Z | 2024-12-20T00:33:13Z |
| mal-2024-10901 | Malicious code in aries-bifold-root (npm) | 2024-11-25T19:54:13Z | 2024-12-20T00:33:12Z |
| mal-2024-10913 | Malicious code in symphony-markdown (npm) | 2024-11-25T22:10:18Z | 2024-12-13T00:36:13Z |
| mal-2024-10927 | Malicious code in eslint-config-video-supply (npm) | 2024-11-25T23:44:04Z | 2025-02-03T18:38:40Z |
| mal-2024-10945 | Malicious code in testsdsdsdsd (npm) | 2024-11-25T23:44:04Z | 2024-12-09T14:39:22Z |
| mal-2024-10952 | Malicious code in cfc-i18n (npm) | 2024-11-26T03:09:50Z | 2024-12-09T14:39:21Z |
| mal-2024-10957 | Malicious code in crypt-research (npm) | 2024-11-26T03:10:44Z | 2025-02-03T18:38:39Z |
| mal-2024-10977 | Malicious code in hacker_for_pastebin (npm) | 2024-11-26T03:11:36Z | 2024-12-09T14:39:22Z |
| mal-2024-10990 | Malicious code in nativeapp-bridge (npm) | 2024-11-26T05:23:02Z | 2024-12-09T14:39:22Z |
| mal-2024-10962 | Malicious code in eds-charts-react (npm) | 2024-11-26T05:28:25Z | 2025-02-03T18:38:39Z |
| mal-2024-10964 | Malicious code in eslint-config-merchant-rn (npm) | 2024-11-26T05:28:26Z | 2025-02-03T18:38:40Z |
| mal-2024-10965 | Malicious code in eslint-config-merchant-web (npm) | 2024-11-26T05:28:26Z | 2025-02-03T18:38:40Z |
| mal-2024-10966 | Malicious code in eslint-config-seller (npm) | 2024-11-26T05:28:26Z | 2025-02-03T18:38:40Z |
| mal-2024-10954 | Malicious code in commitlint-plugin-marketing-rules (npm) | 2024-11-26T05:29:17Z | 2025-02-03T18:38:39Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2011:0451 | Red Hat Security Advisory: flash-plugin security update | 2011-04-18T15:38:00+00:00 | 2025-11-08T03:18:16+00:00 |
| rhsa-2011:0490 | Red Hat Security Advisory: java-1.4.2-ibm security update | 2011-05-05T17:42:00+00:00 | 2025-11-08T03:18:14+00:00 |
| rhsa-2011:0511 | Red Hat Security Advisory: flash-plugin security update | 2011-05-13T09:05:00+00:00 | 2025-11-08T03:18:17+00:00 |
| rhsa-2011:0850 | Red Hat Security Advisory: flash-plugin security update | 2011-06-06T14:46:00+00:00 | 2025-11-08T03:18:22+00:00 |
| rhsa-2011:0856 | Red Hat Security Advisory: java-1.6.0-openjdk security update | 2011-06-08T14:30:00+00:00 | 2025-11-08T03:18:18+00:00 |
| rhsa-2011:0858 | Red Hat Security Advisory: xerces-j2 security update | 2011-06-08T14:36:00+00:00 | 2025-11-08T03:27:24+00:00 |
| rhsa-2011:0857 | Red Hat Security Advisory: java-1.6.0-openjdk security update | 2011-06-08T14:42:00+00:00 | 2025-11-08T03:18:18+00:00 |
| rhsa-2011:0860 | Red Hat Security Advisory: java-1.6.0-sun security update | 2011-06-08T15:18:00+00:00 | 2025-11-08T03:18:19+00:00 |
| rhsa-2011:0869 | Red Hat Security Advisory: flash-plugin security update | 2011-06-15T09:30:00+00:00 | 2025-11-08T03:18:20+00:00 |
| rhsa-2011:0870 | Red Hat Security Advisory: java-1.4.2-ibm-sap security update | 2011-06-15T09:46:00+00:00 | 2025-11-08T03:18:23+00:00 |
| rhsa-2011:0880 | Red Hat Security Advisory: Red Hat Network Satellite server IBM Java Runtime security update | 2011-06-16T19:13:00+00:00 | 2025-11-08T03:18:26+00:00 |
| rhsa-2011:0896 | Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 update | 2011-06-22T23:14:00+00:00 | 2025-11-08T03:27:24+00:00 |
| rhsa-2011:0938 | Red Hat Security Advisory: java-1.6.0-ibm security update | 2011-07-15T03:55:00+00:00 | 2025-11-08T03:18:26+00:00 |
| rhsa-2011:1000 | Red Hat Security Advisory: rgmanager security, bug fix, and enhancement update | 2011-07-21T09:22:00+00:00 | 2025-11-08T03:27:24+00:00 |
| rhsa-2011:1087 | Red Hat Security Advisory: java-1.5.0-ibm security update | 2011-07-22T22:45:00+00:00 | 2025-11-08T03:18:29+00:00 |
| rhsa-2011:1144 | Red Hat Security Advisory: flash-plugin security update | 2011-08-10T15:57:00+00:00 | 2025-11-08T03:18:29+00:00 |
| rhsa-2011:1159 | Red Hat Security Advisory: java-1.4.2-ibm security update | 2011-08-15T17:45:00+00:00 | 2025-11-08T03:18:31+00:00 |
| rhsa-2011:1265 | Red Hat Security Advisory: java-1.4.2-ibm-sap security update | 2011-09-06T21:15:00+00:00 | 2025-11-08T03:18:32+00:00 |
| rhsa-2011:1333 | Red Hat Security Advisory: flash-plugin security update | 2011-09-22T16:45:00+00:00 | 2025-11-08T03:18:32+00:00 |
| rhsa-2011:1380 | Red Hat Security Advisory: java-1.6.0-openjdk security update | 2011-10-18T23:19:00+00:00 | 2025-11-08T03:18:33+00:00 |
| rhsa-2011:1384 | Red Hat Security Advisory: java-1.6.0-sun security update | 2011-10-19T17:17:00+00:00 | 2025-11-08T03:18:36+00:00 |
| rhsa-2011:1434 | Red Hat Security Advisory: acroread security update | 2011-11-08T11:13:00+00:00 | 2025-11-08T03:18:39+00:00 |
| rhsa-2011:1445 | Red Hat Security Advisory: flash-plugin security update | 2011-11-11T11:47:00+00:00 | 2025-11-08T03:18:39+00:00 |
| rhsa-2011:1478 | Red Hat Security Advisory: java-1.5.0-ibm security update | 2011-11-24T16:01:00+00:00 | 2025-11-08T03:18:40+00:00 |
| rhsa-2011:1580 | Red Hat Security Advisory: resource-agents security, bug fix, and enhancement update | 2011-12-05T19:36:00+00:00 | 2025-11-08T03:27:25+00:00 |
| rhsa-2011:1807 | Red Hat Security Advisory: jasper security update | 2011-12-09T05:31:00+00:00 | 2025-11-08T03:18:41+00:00 |
| rhsa-2011:1811 | Red Hat Security Advisory: netpbm security update | 2011-12-12T20:57:00+00:00 | 2025-11-08T03:18:41+00:00 |
| rhsa-2012:0006 | Red Hat Security Advisory: java-1.4.2-ibm security update | 2012-01-09T20:03:00+00:00 | 2025-11-08T03:18:42+00:00 |
| rhsa-2012:0011 | Red Hat Security Advisory: acroread security update | 2012-01-10T22:48:00+00:00 | 2025-11-08T03:18:46+00:00 |
| rhsa-2012:0034 | Red Hat Security Advisory: java-1.6.0-ibm security update | 2012-01-18T19:22:00+00:00 | 2025-11-08T03:18:48+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2019-9210 | In AdvanceCOMP 2.1 png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | 2019-02-02T00:00:00.000Z | 2023-05-25T00:00:00.000Z |
| msrc_cve-2019-3816 | Openwsman versions up to and including 2.6.9 are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | 2019-03-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2019-3832 | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. | 2019-03-02T00:00:00.000Z | 2021-01-28T00:00:00.000Z |
| msrc_cve-2019-3833 | Openwsman versions up to and including 2.6.9 are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. | 2019-03-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2019-5737 | In Node.js including 6.x before 6.17.0 8.x before 8.15.1 10.x before 10.15.2 and 11.x before 11.10.1 an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121 addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0 8.x before 8.15.1 10.x before 10.15.2 and 11.x before 11.10.1. | 2019-03-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2019-6454 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1 causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | 2019-03-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-9185 | Controller/Async/FilesystemManager.php in the filemanager in Bolt allows remote attacke | 2019-03-02T00:00:00.000Z | 2025-10-01T23:11:03.000Z |
| msrc_cve-2019-9741 | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. | 2019-03-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2016-1585 | AppArmor mount rules grant excessive permissions | 2019-04-02T00:00:00.000Z | 2025-05-02T00:00:00.000Z |
| msrc_cve-2018-20505 | SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 2019-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-20506 | SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. | 2019-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-10906 | In Pallets Jinja before 2.10.1 str.format_map allows a sandbox escape. | 2019-04-02T00:00:00.000Z | 2024-09-23T00:00:00.000Z |
| msrc_cve-2019-11236 | In the urllib3 library through 1.24.1 for Python CRLF injection is possible if the attacker controls the request parameter. | 2019-04-02T00:00:00.000Z | 2020-12-21T00:00:00.000Z |
| msrc_cve-2019-11324 | The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | 2019-04-02T00:00:00.000Z | 2025-09-03T23:00:29.000Z |
| msrc_cve-2019-11358 | jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype. | 2019-04-02T00:00:00.000Z | 2025-02-11T00:00:00.000Z |
| msrc_cve-2019-2708 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138 prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | 2019-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-3842 | In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configurations to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". | 2019-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-3843 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the UID/GID will be recycled. | 2019-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-3844 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled. | 2019-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-3870 | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install location. This directory is typically mode 0700 that is owner (root) only access. However in some upgraded installations it will have other permissions such as 0755 because this was the default before Samba 4.8. Within this directory files are created with mode 0666 which is world-writable including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update. | 2019-04-02T00:00:00.000Z | 2024-10-15T00:00:00.000Z |
| msrc_cve-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | 2019-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2019-3887 | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | 2019-04-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2019-11834 | cJSON before 1.7.11 allows out-of-bounds access related to \x00 in a string literal. | 2019-05-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-11835 | cJSON before 1.7.11 allows out-of-bounds access related to multiline comments. | 2019-05-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-12439 | bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR) a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. | 2019-05-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-12450 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead default permissions are used. | 2019-05-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2019-8457 | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. | 2019-05-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-20843 | In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | 2019-06-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-12280 | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | 2019-06-02T00:00:00.000Z | 2025-10-01T23:11:01.000Z |
| msrc_cve-2019-12735 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim. | 2019-06-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2008-000028 | WEB MART from KENT WEB vulnerable to cross-site scripting | 2008-06-06T12:01+09:00 | 2008-06-06T12:01+09:00 |
| jvndb-2006-000639 | Pixelpost cross-site scripting vulnerability | 2008-06-10T13:57+09:00 | 2008-06-10T13:57+09:00 |
| jvndb-2008-000029 | Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history | 2008-06-10T13:59+09:00 | 2008-06-10T13:59+09:00 |
| jvndb-2008-001043 | X.Org Foundation X server buffer overflow vulnerability | 2008-06-13T17:11+09:00 | 2008-11-21T12:19+09:00 |
| jvndb-2008-000030 | BlognPlus SQL injection vulnerability | 2008-06-20T13:45+09:00 | 2008-06-20T13:45+09:00 |
| jvndb-2008-000031 | CGIWrap error page cross-site scripting vulnerability | 2008-06-20T13:46+09:00 | 2008-06-20T13:46+09:00 |
| jvndb-2008-000032 | nProtect : Netizen denial of service (DoS) vulnerability | 2008-07-07T10:24+09:00 | 2008-07-07T10:24+09:00 |
| jvndb-2008-001417 | Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals | 2008-07-07T10:38+09:00 | 2008-07-07T10:38+09:00 |
| jvndb-2008-000033 | Multiple Cybozu products vulnerable to cross-site request forgery | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000034 | Cybozu Garoon session fixation vulnerability | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000035 | Cybozu Garoon vulnerable to arbitrary script execution | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000036 | FreeStyleWiki cross-site scripting vulnerability | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000038 | Redmine vulnerable to cross-site scripting | 2008-07-08T12:15+09:00 | 2008-07-08T12:15+09:00 |
| jvndb-2008-000039 | Safari installed in iPod touch and iPhone vulnerable in handling server certificates | 2008-07-16T12:27+09:00 | 2008-07-16T12:27+09:00 |
| jvndb-2008-000040 | Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins | 2008-07-24T14:22+09:00 | 2008-07-24T14:22+09:00 |
| jvndb-2008-000041 | WebProxy from LunarNight Laboratory vulnerable to cross-site scripting | 2008-07-24T14:23+09:00 | 2008-07-24T14:23+09:00 |
| jvndb-2008-000042 | Multiple Century Systems routers vulnerable to cross-site request forgery | 2008-07-24T14:23+09:00 | 2008-07-24T14:23+09:00 |
| jvndb-2008-000043 | K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting | 2008-07-29T14:56+09:00 | 2008-07-29T14:56+09:00 |
| jvndb-2008-000044 | K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting | 2008-07-29T14:56+09:00 | 2008-07-29T14:56+09:00 |
| jvndb-2008-000045 | Geeklog Forum Plugin vulnerable to cross-site scripting | 2008-07-29T14:57+09:00 | 2008-07-29T14:57+09:00 |
| jvndb-2008-001513 | Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function | 2008-07-30T13:45+09:00 | 2014-05-21T18:19+09:00 |
| jvndb-2008-001514 | Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management | 2008-07-30T13:46+09:00 | 2008-07-30T13:46+09:00 |
| jvndb-2008-000037 | Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting | 2008-08-04T14:34+09:00 | 2008-08-04T14:34+09:00 |
| jvndb-2008-000050 | Virus Security and Virus Security ZERO denial of service (DoS) vulnerability | 2008-08-14T18:15+09:00 | 2008-08-14T18:15+09:00 |
| jvndb-2008-000046 | La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery | 2008-09-02T16:58+09:00 | 2008-09-02T16:58+09:00 |
| jvndb-2008-000047 | LacoodaST from SpaceTag, Inc. session fixation vulnerability | 2008-09-02T17:01+09:00 | 2008-09-02T17:01+09:00 |
| jvndb-2008-000048 | La!cooda WIZ and LacoodaST vulnerable to cross-site scripting | 2008-09-02T17:02+09:00 | 2008-09-02T17:02+09:00 |
| jvndb-2008-000049 | Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution | 2008-09-02T17:03+09:00 | 2008-09-02T17:03+09:00 |
| jvndb-2008-000053 | mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting | 2008-09-02T17:05+09:00 | 2008-09-02T17:05+09:00 |
| jvndb-2008-000054 | Blogn vulnerable to cross-site request forgery | 2008-09-02T17:22+09:00 | 2008-09-02T17:22+09:00 |