Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-868p-wr6f-7jfr | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By send… | 2022-05-13T01:09:53Z | 2025-10-22T00:31:29Z |
| ghsa-rpmq-q4mw-pc44 | A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0… | 2022-05-13T01:09:54Z | 2025-10-22T00:31:37Z |
| ghsa-7jff-7vvq-8fxx | Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Inter… | 2022-05-13T01:10:05Z | 2025-10-22T03:30:35Z |
| ghsa-56qq-x77r-g35x | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain… | 2022-05-13T01:10:21Z | 2025-10-22T00:31:12Z |
| ghsa-qq6c-p3fx-6qcx | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim u… | 2022-05-13T01:10:23Z | 2025-10-22T03:30:29Z |
| ghsa-5p56-56jf-wfv2 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP Net… | 2022-05-13T01:10:43Z | 2025-10-22T00:31:23Z |
| ghsa-g384-79gw-fwh4 | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote atta… | 2022-05-13T01:10:44Z | 2025-10-22T00:31:12Z |
| ghsa-w5jq-q2q7-wx7x | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does n… | 2022-05-13T01:10:44Z | 2025-10-22T00:31:15Z |
| ghsa-cjqq-8xv6-575p | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the P… | 2022-05-13T01:10:53Z | 2025-10-22T00:31:35Z |
| ghsa-r272-2vh9-q99x | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a cra… | 2022-05-13T01:11:12Z | 2025-10-22T00:31:09Z |
| ghsa-vjph-m3mp-rqj5 | Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 S… | 2022-05-13T01:11:24Z | 2025-10-22T00:31:30Z |
| ghsa-6r67-r3jm-88p4 | Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized acc… | 2022-05-13T01:11:29Z | 2025-10-22T00:31:29Z |
| ghsa-2hx5-63mq-crfj | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServe… | 2022-05-13T01:11:30Z | 2025-10-22T03:30:41Z |
| ghsa-5gr7-gr2q-52gp | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure tha… | 2022-05-13T01:11:45Z | 2025-10-22T03:30:38Z |
| ghsa-xp26-p53h-6h2p | Improper Neutralization of Input During Web Page Generation in LXML | 2022-05-13T01:13:21Z | 2025-12-20T05:24:54Z |
| ghsa-2qh3-cx4w-cf3x | The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO Jaspe… | 2022-05-13T01:13:58Z | 2025-10-22T00:31:37Z |
| ghsa-9v96-j7x8-6wjv | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 use… | 2022-05-13T01:14:24Z | 2025-10-22T00:31:24Z |
| ghsa-47qp-8v9g-39hp | Code injection in Apache Struts | 2022-05-13T01:14:26Z | 2025-10-22T19:33:21Z |
| ghsa-cp8f-5jp9-rqmh | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion vi… | 2022-05-13T01:14:26Z | 2025-10-22T00:31:37Z |
| ghsa-r6mc-mrvr-23cr | Sandbox bypass in Jenkins Pipeline: Groovy Plugin | 2022-05-13T01:14:26Z | 2025-10-22T17:41:54Z |
| ghsa-w8r8-w5w4-4w4v | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Hear… | 2022-05-13T01:14:41Z | 2025-10-22T03:30:38Z |
| ghsa-cw54-59pw-4g8c | Apache Tomcat Improper Access Control vulnerability | 2022-05-13T01:14:52Z | 2025-10-22T17:32:56Z |
| ghsa-73jm-6x85-hwg5 | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual … | 2022-05-13T01:14:58Z | 2025-10-22T00:31:37Z |
| ghsa-j8w2-wx5p-fvx4 | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual … | 2022-05-13T01:14:58Z | 2025-10-22T00:31:37Z |
| ghsa-qv6f-65c9-qp9p | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode driv… | 2022-05-13T01:15:35Z | 2025-10-22T03:30:30Z |
| ghsa-hv88-2gcv-6mjq | Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which a… | 2022-05-13T01:15:39Z | 2025-10-22T03:30:30Z |
| ghsa-c5c8-vqpp-hm75 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to … | 2022-05-13T01:15:43Z | 2025-10-22T03:30:32Z |
| ghsa-4j4f-7rwg-p4q7 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attac… | 2022-05-13T01:15:59Z | 2025-10-22T03:30:33Z |
| ghsa-hxxf-h94r-73mv | A remote code execution vulnerability exists in the way that the scripting engine handles objects i… | 2022-05-13T01:16:04Z | 2025-10-22T00:31:36Z |
| ghsa-f832-7fhg-m78h | A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates… | 2022-05-13T01:16:05Z | 2025-10-22T00:31:37Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2017-6862 | N/A | NETGEAR WNR2000v3 devices before 1.1.2.14, WNR200… | n/a | NETGEAR All versions prior to WNR2000v3 1.1.2.14, WNR2000v4 1.0.0.66, WNR2000v5 1.0.0.42 | 2017-05-26T20:00:00.000Z | 2025-10-21T23:55:40.404Z |
| cve-2017-8540 | N/A | The Microsoft Malware Protection Engine running o… | Microsoft Corporation | Malware Protection Engine | 2017-05-26T20:00:00.000Z | 2025-10-21T23:55:40.255Z |
| cve-2017-7494 | N/A | Samba since version 3.5.0 and before 4.6.4, 4.5.1… | Samba | samba | 2017-05-30T18:00:00.000Z | 2025-10-21T23:55:40.089Z |
| cve-2017-9022 | N/A | The gmp plugin in strongSwan before 5.5.3 does no… | n/a | n/a | 2017-06-08T16:00:00.000Z | 2025-12-03T21:16:39.264Z |
| cve-2017-9023 | N/A | The ASN.1 parser in strongSwan before 5.5.3 impro… | n/a | n/a | 2017-06-08T16:00:00.000Z | 2025-12-03T21:13:34.693Z |
| cve-2016-7836 | N/A | SKYSEA Client View Ver.11.221.03 and earlier allo… | Sky Co., LTD. | SKYSEA Client View | 2017-06-09T16:00:00.000Z | 2025-10-21T23:55:39.910Z |
| cve-2017-8464 | N/A | Windows Shell in Microsoft Windows Server 2008 SP… | Microsoft Corporation | Windows Shell | 2017-06-15T01:00:00.000Z | 2025-10-21T23:55:39.749Z |
| cve-2017-8543 | N/A | Microsoft Windows XP SP3, Windows XP x64 XP2, Win… | Microsoft Corporation | Microsoft Windows | 2017-06-15T01:00:00.000Z | 2025-10-21T23:55:39.576Z |
| cve-2017-3167 | N/A | In Apache httpd 2.2.x before 2.2.33 and 2.4.x bef… | Apache Software Foundation | Apache HTTP Server | 2017-06-20T01:00:00.000Z | 2025-11-04T16:09:10.240Z |
| cve-2017-9841 | N/A | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 … | n/a | n/a | 2017-06-27T17:00:00.000Z | 2025-10-21T23:55:39.301Z |
| cve-2017-9248 | N/A | Telerik.Web.UI.dll in Progress Telerik UI for ASP… | n/a | n/a | 2017-07-03T19:00:00.000Z | 2025-10-21T23:55:39.141Z |
| cve-2017-9791 | N/A | The Struts 1 plugin in Apache Struts 2.1.x and 2.… | Apache Software Foundation | Apache Struts | 2017-07-10T16:00:00.000Z | 2025-10-21T23:55:38.964Z |
| cve-2017-8570 | N/A | Microsoft Office allows a remote code execution v… | Microsoft Corporation | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016. | 2017-07-11T21:00:00.000Z | 2025-10-21T23:55:38.760Z |
| cve-2017-6736 | | The Simple Network Management Protocol (SNMP) sub… | Cisco | IOS | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:38.056Z |
| cve-2017-6737 | | A vulnerability in the SNMP implementation of cou… | Cisco | IOS | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:37.770Z |
| cve-2017-6738 | | The Simple Network Management Protocol (SNMP) sub… | Cisco | IOS | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:37.567Z |
| cve-2017-6739 | | A vulnerability in the SNMP implementation of cou… | IntelliShield | Universal Product | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:37.377Z |
| cve-2017-6740 | | The Simple Network Management Protocol (SNMP) sub… | Cisco | IOS | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:37.237Z |
| cve-2017-6742 | | A vulnerability in the SNMP implementation of cou… | Cisco | Cisco IOS XE Software | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:37.103Z |
| cve-2017-6743 | | The Simple Network Management Protocol (SNMP) sub… | Cisco | IOS | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:36.832Z |
| cve-2017-6744 | | The Simple Network Management Protocol (SNMP) sub… | Cisco | IOS | 2017-07-17T21:00:00.000Z | 2025-10-21T23:55:36.555Z |
| cve-2017-6316 | N/A | Citrix NetScaler SD-WAN devices through v9.1.2.26… | n/a | n/a | 2017-07-20T04:00:00.000Z | 2025-10-21T23:55:36.360Z |
| cve-2017-9822 | N/A | DNN (aka DotNetNuke) before 9.1.1 has Remote Code… | DotNetNuke | DotNetNuke CMS Fixed in 9.1.1 | 2017-07-20T12:00:00.000Z | 2025-10-21T23:55:36.233Z |
| cve-2017-1303 | N/A | IBM WebSphere Portal and Web Content Manager 7.0,… | IBM | WebSphere Portal | 2017-07-31T21:00:00.000Z | 2025-12-04T14:55:34.190Z |
| cve-2017-6663 | N/A | A vulnerability in the Autonomic Networking featu… | n/a | Cisco IOS and IOS XE | 2017-08-07T06:00:00.000Z | 2025-10-21T23:55:36.078Z |
| cve-2017-12637 | N/A | Directory traversal vulnerability in scheduler/ui… | n/a | n/a | 2017-08-07T20:00:00.000Z | 2025-10-21T23:55:35.932Z |
| cve-2015-2291 | N/A | (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys … | n/a | n/a | 2017-08-09T18:00:00.000Z | 2025-10-21T23:55:35.705Z |
| cve-2017-6327 | N/A | The Symantec Messaging Gateway before 10.6.3-267 … | Symantec Corporation | Messaging Gateway | 2017-08-11T20:00:00.000Z | 2025-10-21T23:55:35.541Z |
| cve-2017-11185 | N/A | The gmp plugin in strongSwan before 5.6.0 allows … | n/a | n/a | 2017-08-18T17:00:00.000Z | 2025-12-04T15:57:04.783Z |
| cve-2015-5224 | N/A | The mkostemp function in login-utils in util-linu… | n/a | n/a | 2017-08-23T15:00:00.000Z | 2025-12-04T20:03:59.057Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2016-3718 | N/A | The (1) HTTP and (2) FTP coders in ImageMagick be… | n/a | n/a | 2016-05-05T18:00:00.000Z | 2025-10-21T23:55:52.756Z |
| cve-2016-0185 | N/A | Media Center in Microsoft Windows Vista SP2, Wind… | n/a | n/a | 2016-05-11T01:00:00.000Z | 2025-10-21T23:55:52.588Z |
| cve-2016-0189 | N/A | The Microsoft (1) JScript 5.8 and (2) VBScript 5.… | n/a | n/a | 2016-05-11T01:00:00.000Z | 2025-10-21T23:55:52.367Z |
| cve-2016-4117 | N/A | Adobe Flash Player 21.0.0.226 and earlier allows … | n/a | n/a | 2016-05-11T01:00:00.000Z | 2025-11-17T19:45:00.514Z |
| cve-2010-5326 | N/A | The Invoker Servlet on SAP NetWeaver Application … | n/a | n/a | 2016-05-13T10:00:00.000Z | 2025-10-21T23:55:52.045Z |
| cve-2016-3627 | N/A | The xmlStringGetNodeList function in tree.c in li… | n/a | n/a | 2016-05-17T14:00:00.000Z | 2025-12-04T17:11:28.323Z |
| cve-2016-4425 | N/A | Jansson 2.7 and earlier allows context-dependent … | n/a | n/a | 2016-05-17T14:00:00.000Z | 2025-12-04T17:09:13.364Z |
| cve-2016-1834 | N/A | Heap-based buffer overflow in the xmlStrncat func… | n/a | n/a | 2016-05-20T10:00:00.000Z | 2025-12-04T17:15:15.868Z |
| cve-2016-3088 | N/A | The Fileserver web application in Apache ActiveMQ… | n/a | n/a | 2016-06-01T20:00:00.000Z | 2025-10-21T23:55:51.892Z |
| cve-2016-4437 | N/A | Apache Shiro before 1.2.5, when a cipher key has … | n/a | n/a | 2016-06-07T14:00:00.000Z | 2025-10-21T23:55:51.717Z |
| cve-2016-4523 | N/A | The WAP interface in Trihedral VTScada (formerly … | n/a | n/a | 2016-06-09T10:00:00.000Z | 2025-10-21T23:55:51.558Z |
| cve-2016-2815 | N/A | Multiple unspecified vulnerabilities in the brows… | n/a | n/a | 2016-06-13T10:00:00 | 2024-08-05T23:32:20.962Z |
| cve-2016-3235 | N/A | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2… | n/a | n/a | 2016-06-16T01:00:00.000Z | 2025-10-21T23:55:51.339Z |
| cve-2016-4171 | N/A | Unspecified vulnerability in Adobe Flash Player 2… | n/a | n/a | 2016-06-16T14:00:00.000Z | 2025-11-17T19:40:40.799Z |
| cve-2016-3643 | N/A | SolarWinds Virtualization Manager 6.3.1 and earli… | n/a | n/a | 2016-06-17T15:00:00.000Z | 2025-10-21T23:55:51.005Z |
| cve-2016-5131 | N/A | Use-after-free vulnerability in libxml2 through 2… | n/a | n/a | 2016-07-23T19:00:00.000Z | 2025-12-04T16:49:22.168Z |
| cve-2016-3309 | N/A | The kernel-mode drivers in Microsoft Windows Vist… | n/a | n/a | 2016-08-09T21:00:00.000Z | 2025-10-21T23:55:50.847Z |
| cve-2016-6366 | N/A | Buffer overflow in Cisco Adaptive Security Applia… | n/a | n/a | 2016-08-18T18:00:00.000Z | 2025-10-21T23:55:50.638Z |
| cve-2016-6367 | N/A | Cisco Adaptive Security Appliance (ASA) Software … | n/a | n/a | 2016-08-18T18:00:00.000Z | 2025-10-21T23:55:50.466Z |
| cve-2016-4655 | N/A | The kernel in Apple iOS before 9.3.5 allows attac… | n/a | n/a | 2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.320Z |
| cve-2016-4656 | N/A | The kernel in Apple iOS before 9.3.5 allows attac… | n/a | n/a | 2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.185Z |
| cve-2016-4657 | N/A | WebKit in Apple iOS before 9.3.5 allows remote at… | n/a | n/a | 2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.057Z |
| cve-2016-3351 | N/A | Microsoft Internet Explorer 9 through 11 and Micr… | n/a | n/a | 2016-09-14T10:00:00.000Z | 2025-10-21T23:55:49.907Z |
| cve-2016-7420 | N/A | Crypto++ (aka cryptopp) through 5.6.4 does not do… | n/a | n/a | 2016-09-16T00:00:00.000Z | 2025-11-14T20:04:12.033Z |
| cve-2016-6415 | N/A | The server IKEv1 implementation in Cisco IOS 12.2… | n/a | n/a | 2016-09-19T01:00:00.000Z | 2025-10-21T23:55:49.758Z |
| cve-2014-5414 | 9.1 (v3.1) | Beckhoff Embedded PC Images and TwinCAT Components Imp… | Beckhoff | Embedded PC Images | 2016-10-05T10:00:00 | 2025-11-04T23:09:34.639Z |
| cve-2014-5415 | 9.1 (v3.1) | Beckhoff Embedded PC Images and TwinCAT Components Exp… | Beckhoff | Embedded PC Images | 2016-10-05T10:00:00 | 2025-11-04T23:12:23.266Z |
| cve-2016-3298 | N/A | Microsoft Internet Explorer 9 through 11 and the … | n/a | n/a | 2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.581Z |
| cve-2016-3393 | N/A | Graphics Device Interface (aka GDI or GDI+) in Mi… | n/a | n/a | 2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.334Z |
| cve-2016-7193 | N/A | Microsoft Word 2007 SP2, Office 2010 SP2, Word 20… | n/a | n/a | 2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.146Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-0000-kam193-8fc25469c3664804 | Malicious code in ettherium (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-8fc729f9a829f785 | Malicious code in wdb3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9046579c11ebb423 | Malicious code in openesaa (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9400a8b0c9b0c821 | Malicious code in oopensea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-96026f609d0fb12d | Malicious code in web4-py (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-96c90216b9b82c38 | Malicious code in pythob (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-97ab0aba132bab88 | Malicious code in etherriuum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-984cb125e77ec44c | Malicious code in oenasea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-987047337ed22e7c | Malicious code in openseae (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9a0400cabc3a9660 | Malicious code in web3-pyy (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9b4b303c14b66bb6 | Malicious code in bussardweg4av3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9c97f1dc5d3f5a02 | Malicious code in wbe3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9e4e788c445eb9c6 | Malicious code in ewb3-py (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-9fabb2ea206d9d2f | Malicious code in opensee (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a0cce0d9b6be0d0e | Malicious code in ethrum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a0efb4f6e87bca06 | Malicious code in oensea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a16630eb134423c9 | Malicious code in etheriumm (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a1e31c4e1fd704f7 | Malicious code in pytnon (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a2b194067d7fe54b | Malicious code in opensar (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a31789670347d825 | Malicious code in openseaz (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a331a24b50f06550 | Malicious code in etherriuum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a4337864b0220315 | Malicious code in openresa (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a490cf49a1ca3b59 | Malicious code in web3-pyu (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a4d6bcb8e980e38a | Malicious code in wbe3-py (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a525305442100b68 | Malicious code in openwea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a58640a071a30e15 | Malicious code in oepensea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a5cbf1cd83d68dd4 | Malicious code in wb3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a640afc34034f034 | Malicious code in web3-0py (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a6cf651a74f3c404 | Malicious code in etheruum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-a79b2c3d1625c673 | Malicious code in ethereium (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2025-2464 | OpenSMTP: Vulnerability allows denial of service | 2025-11-02T23:00:00.000+00:00 | 2025-11-20T23:00:00.000+00:00 |
| wid-sec-w-2025-2466 | QEMU e1000 Network Devices: Vulnerability allows denial of service | 2025-11-02T23:00:00.000+00:00 | 2025-12-23T23:00:00.000+00:00 |
| wid-sec-w-2025-2468 | CPython: Vulnerability allows denial of service | 2025-11-02T23:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2469 | Redis: Vulnerability allows code execution | 2025-11-02T23:00:00.000+00:00 | 2025-11-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2472 | Samsung Android: Multiple vulnerabilities | 2025-11-03T23:00:00.000+00:00 | 2025-11-17T23:00:00.000+00:00 |
| wid-sec-w-2025-2473 | Apple iOS: Multiple vulnerabilities | 2025-11-03T23:00:00.000+00:00 | 2025-11-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2474 | Android Patchday November 2025: Multiple Vulnerabilities | 2025-11-03T23:00:00.000+00:00 | 2025-11-17T23:00:00.000+00:00 |
| wid-sec-w-2025-2475 | Apple macOS: Multiple vulnerabilities | 2025-11-03T23:00:00.000+00:00 | 2025-11-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2480 | Apple Safari: Multiple vulnerabilities | 2025-11-03T23:00:00.000+00:00 | 2025-11-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2481 | Apple Xcode: Multiple vulnerabilities | 2025-11-03T23:00:00.000+00:00 | 2025-11-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2485 | cURL (wcurl): Vulnerability allows file manipulation | 2025-11-03T23:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2488 | Red Hat Enterprise Linux (SSSD, libsoup): Multiple vulnerabilities | 2025-11-04T23:00:00.000+00:00 | 2025-12-01T23:00:00.000+00:00 |
| wid-sec-w-2025-2491 | Google Chrome/Microsoft Edge: Multiple vulnerabilities | 2025-11-05T23:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2495 | Django: Multiple vulnerabilities allow denial of service and SQL injection | 2025-11-05T23:00:00.000+00:00 | 2025-11-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2499 | IBM WebSphere Application Server: Vulnerability allows file manipulation and potentially bypassing security measures | 2025-11-05T23:00:00.000+00:00 | 2025-11-20T23:00:00.000+00:00 |
| wid-sec-w-2025-2500 | Cisco Contact Center products (CCE, CCX, CUIC): Multiple vulnerabilities | 2025-11-05T23:00:00.000+00:00 | 2025-11-18T23:00:00.000+00:00 |
| wid-sec-w-2025-2508 | Red Hat Enterprise Linux: Vulnerability allows denial of service | 2025-11-06T23:00:00.000+00:00 | 2025-12-01T23:00:00.000+00:00 |
| wid-sec-w-2025-2510 | AnyDesk: Multiple vulnerabilities | 2025-11-06T23:00:00.000+00:00 | 2025-12-07T23:00:00.000+00:00 |
| wid-sec-w-2025-2518 | Red Hat Enterprise Linux (runc): Multiple vulnerabilities allow bypassing security measures | 2025-11-09T23:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2533 | RedHat Multicluster Engine for Kubernetes: Vulnerability allows privilege escalation | 2025-11-09T23:00:00.000+00:00 | 2025-12-01T23:00:00.000+00:00 |
| wid-sec-w-2025-2537 | BusyBox (wget): Vulnerability allows bypassing security measures | 2025-11-10T23:00:00.000+00:00 | 2025-12-21T23:00:00.000+00:00 |
| wid-sec-w-2025-2564 | Microsoft Windows and Windows Server: Multiple vulnerabilities | 2025-11-11T23:00:00.000+00:00 | 2025-12-22T23:00:00.000+00:00 |
| wid-sec-w-2025-2566 | Mozilla Firefox and Firefox ESR: Multiple vulnerabilities | 2025-11-11T23:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2579 | Linux Kernel: Multiple vulnerabilities | 2025-11-11T23:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2580 | Google Chrome/Microsoft Edge: Vulnerability allows unspecified impact | 2025-11-11T23:00:00.000+00:00 | 2025-12-14T23:00:00.000+00:00 |
| wid-sec-w-2025-2586 | Red Hat Enterprise Linux (python-kdcproxy): Multiple vulnerabilities | 2025-11-12T23:00:00.000+00:00 | 2025-12-21T23:00:00.000+00:00 |
| wid-sec-w-2025-2595 | Linux Kernel: Multiple vulnerabilities | 2025-11-12T23:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2598 | CUPS (Filters): Multiple vulnerabilities | 2025-11-13T23:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2603 | Fortinet FortiWeb: Vulnerability allows gaining administrator privileges | 2025-11-13T23:00:00.000+00:00 | 2025-11-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2607 | Red Hat Enterprise Linux (lasso): A vulnerability allows code execution | 2025-11-16T23:00:00.000+00:00 | 2025-11-17T23:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| ssa-615116 | SSA-615116: Multiple Vulnerabilities in Apogee PXC and Talon TC Devices | 2025-02-11T00:00:00Z | 2025-02-11T00:00:00Z |
| ssa-637914 | SSA-637914: Local Code Execution Vulnerability in Questa and ModelSim Before V2025.1 | 2025-02-11T00:00:00Z | 2025-02-11T00:00:00Z |
| ssa-647005 | SSA-647005: Memory Corruption Vulnerability in OpenV2G | 2025-02-11T00:00:00Z | 2025-02-11T00:00:00Z |
| ssa-656895 | SSA-656895: Open Redirect Vulnerability in Teamcenter | 2025-02-11T00:00:00Z | 2025-06-10T00:00:00Z |
| ssa-687955 | SSA-687955: Accessible Development Shell via Physical Interface in SIPROTEC 5 | 2025-02-11T00:00:00Z | 2025-11-11T00:00:00Z |
| ssa-769027 | SSA-769027: Multiple Vulnerabilities fixed in SCALANCE W700 IEEE 802.11ax devices before V3.0.0 | 2025-02-11T00:00:00Z | 2025-02-11T00:00:00Z |
| ssa-770770 | SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices | 2025-02-11T00:00:00Z | 2025-11-11T00:00:00Z |
| ssa-992434 | SSA-992434: Directory Traversal Vulnerability in Third-Party Component in SiPass integrated | 2025-02-17T00:00:00Z | 2025-02-17T00:00:00Z |
| ssa-050438 | SSA-050438: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and Tecnomatix Plant Simulation | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-073066 | SSA-073066: Multiple Vulnerabilities in SINEMA Remote Connect Server Before V3.2 SP3 | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-075201 | SSA-075201: Multiple Vulnerabilities in SCALANCE LPE9403 Before V4.0 | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-216014 | SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs | 2025-03-11T00:00:00Z | 2025-11-11T00:00:00Z |
| ssa-280834 | SSA-280834: Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-507653 | SSA-507653: Improper Access Control Vulnerabilities in Tecnomatix Plant Simulation | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-515903 | SSA-515903: Multiple Vulnerabilities in SiPass integrated AC5102 / ACC-G2 and ACC-AP | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-615740 | SSA-615740: Multiple Vulnerabilities in SINEMA Remote Connect Client Before V3.2 SP3 | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-787280 | SSA-787280: Unlocked Bootloader Vulnerability in SINAMICS S200 | 2025-03-11T00:00:00Z | 2025-03-11T00:00:00Z |
| ssa-858251 | SSA-858251: Authentication Bypass Vulnerabilities in OPC UA | 2025-03-11T00:00:00Z | 2025-06-10T00:00:00Z |
| ssa-920092 | SSA-920092: Memory Corruption Vulnerability in Simcenter Femap | 2025-03-13T00:00:00Z | 2025-03-13T00:00:00Z |
| ssa-187636 | SSA-187636: Multiple Vulnerabilities in SENTRON 7KT PAC1260 Data Manager | 2025-04-08T00:00:00Z | 2025-04-08T00:00:00Z |
| ssa-277137 | SSA-277137: Multiple Vulnerabilities in SIDIS Prime Before V4.0.700 | 2025-04-08T00:00:00Z | 2025-04-08T00:00:00Z |
| ssa-525431 | SSA-525431: Privilege Escalation Vulnerabilities in Siemens License Server Before V4.3 | 2025-04-08T00:00:00Z | 2025-04-08T00:00:00Z |
| ssa-672923 | SSA-672923: Out of Bounds Write Vulnerability in Solid Edge | 2025-04-08T00:00:00Z | 2025-04-08T00:00:00Z |
| ssa-817234 | SSA-817234: Multiple Kubernetes Ingress NGINX Controller Vulnerabilities in Insights Hub Private Cloud | 2025-04-08T00:00:00Z | 2025-04-08T00:00:00Z |
| ssa-819629 | SSA-819629: Weak Authentication Vulnerability in Industrial Edge Device Kit | 2025-04-08T00:00:00Z | 2025-05-13T00:00:00Z |
| ssa-874353 | SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime | 2025-04-08T00:00:00Z | 2025-06-10T00:00:00Z |
| ssa-395348 | SSA-395348: Improper Handling of Length Parameter Inconsistency Vulnerability in TeleControl Server Basic before V3.1.2.2 | 2025-04-16T00:00:00Z | 2025-04-16T00:00:00Z |
| ssa-443402 | SSA-443402: Multiple SQL Injection Vulnerabilities in TeleControl Server Basic before V3.1.2.2 | 2025-04-16T00:00:00Z | 2025-04-16T00:00:00Z |
| ssa-047424 | SSA-047424: Code Execution and SQL Injection Vulnerabilities in OZW Web Servers | 2025-05-13T00:00:00Z | 2025-05-13T00:00:00Z |
| ssa-162255 | SSA-162255: Multiple Vulnerabilities in Polarion Before V2410 | 2025-05-13T00:00:00Z | 2025-05-13T00:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2003:312 | Red Hat Security Advisory: pan security update | 2003-12-10T16:52:00+00:00 | 2025-11-21T17:26:37+00:00 |
| rhsa-2003:360 | Red Hat Security Advisory: apache security update | 2003-12-10T16:52:00+00:00 | 2025-11-21T17:26:41+00:00 |
| rhsa-2003:386 | Red Hat Security Advisory: freeradius security update | 2003-12-10T16:59:00+00:00 | 2025-11-21T17:26:44+00:00 |
| rhsa-2003:395 | Red Hat Security Advisory: gnupg security update | 2003-12-11T00:21:00+00:00 | 2025-11-21T17:26:43+00:00 |
| rhsa-2003:390 | Red Hat Security Advisory: : Updated gnupg packages disable ElGamal keys | 2003-12-11T00:25:00+00:00 | 2025-11-21T17:26:43+00:00 |
| rhsa-2003:403 | Red Hat Security Advisory: : Updated lftp packages fix security vulnerability | 2003-12-16T14:05:00+00:00 | 2025-11-21T17:26:46+00:00 |
| rhsa-2003:404 | Red Hat Security Advisory: lftp security update | 2003-12-16T14:06:00+00:00 | 2025-11-21T17:26:46+00:00 |
| rhsa-2003:320 | Red Hat Security Advisory: : Updated httpd packages fix Apache security vulnerabilities | 2003-12-16T21:48:00+00:00 | 2025-11-21T17:26:39+00:00 |
| rhsa-2003:405 | Red Hat Security Advisory: : Updated apache packages fix minor security vulnerability | 2003-12-18T09:27:00+00:00 | 2025-11-21T17:26:47+00:00 |
| rhsa-2003:368 | Red Hat Security Advisory: Updated IA64 kernel packages address security vulnerabilities, bugfixes | 2003-12-19T18:10:00+00:00 | 2025-11-21T17:26:41+00:00 |
| rhsa-2003:417 | Red Hat Security Advisory: : Updated kernel resolves security vulnerability | 2004-01-05T12:50:00+00:00 | 2025-11-21T17:26:47+00:00 |
| rhsa-2003:418 | Red Hat Security Advisory: kernel security update | 2004-01-05T14:41:00+00:00 | 2025-11-21T17:26:48+00:00 |
| rhsa-2003:419 | Red Hat Security Advisory: kernel security update | 2004-01-05T14:51:00+00:00 | 2025-11-21T17:26:49+00:00 |
| rhsa-2004:001 | Red Hat Security Advisory: : Updated Ethereal packages fix security issues | 2004-01-07T18:12:00+00:00 | 2025-11-21T17:26:49+00:00 |
| rhsa-2003:416 | Red Hat Security Advisory: kernel security update | 2004-01-07T18:20:00+00:00 | 2025-11-21T17:26:47+00:00 |
| rhsa-2004:003 | Red Hat Security Advisory: : Updated CVS packages fix minor security issue | 2004-01-12T15:44:00+00:00 | 2025-11-21T17:26:50+00:00 |
| rhsa-2004:006 | Red Hat Security Advisory: : Updated kdepim packages resolve security vulnerability | 2004-01-14T13:09:00+00:00 | 2025-11-21T17:26:51+00:00 |
| rhsa-2004:005 | Red Hat Security Advisory: kdepim security update | 2004-01-14T13:10:00+00:00 | 2025-11-21T17:26:50+00:00 |
| rhsa-2004:015 | Red Hat Security Advisory: httpd security update | 2004-01-14T13:12:00+00:00 | 2025-11-21T17:26:52+00:00 |
| rhsa-2004:004 | Red Hat Security Advisory: cvs security update | 2004-01-14T13:16:00+00:00 | 2025-11-21T17:26:50+00:00 |
| rhsa-2004:009 | Red Hat Security Advisory: elm security update | 2004-01-14T13:16:00+00:00 | 2025-11-21T17:26:52+00:00 |
| rhsa-2004:007 | Red Hat Security Advisory: : : : Updated tcpdump packages fix various vulnerabilities | 2004-01-14T19:43:00+00:00 | 2025-11-21T17:26:53+00:00 |
| rhsa-2004:008 | Red Hat Security Advisory: tcpdump security update | 2004-01-15T10:31:00+00:00 | 2025-11-21T17:26:52+00:00 |
| rhsa-2004:023 | Red Hat Security Advisory: net-snmp security update | 2004-01-15T14:14:00+00:00 | 2025-11-21T17:26:54+00:00 |
| rhsa-2004:017 | Red Hat Security Advisory: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 1 | 2004-01-16T17:01:00+00:00 | 2025-11-21T17:26:57+00:00 |
| rhsa-2004:002 | Red Hat Security Advisory: ethereal security update | 2004-01-20T16:45:00+00:00 | 2025-11-21T17:26:49+00:00 |
| rhsa-2004:034 | Red Hat Security Advisory: : Updated mc packages resolve buffer overflow vulnerability | 2004-01-21T09:38:00+00:00 | 2025-11-21T17:26:56+00:00 |
| rhsa-2004:040 | Red Hat Security Advisory: : Updated slocate packages fix vulnerability | 2004-01-22T16:38:00+00:00 | 2025-11-21T17:26:56+00:00 |
| rhsa-2004:032 | Red Hat Security Advisory: : Updated Gaim packages fix various vulnerabiliies | 2004-01-26T17:38:00+00:00 | 2025-11-21T17:26:55+00:00 |
| rhsa-2004:041 | Red Hat Security Advisory: slocate security update | 2004-01-26T19:02:00+00:00 | 2025-11-21T17:26:57+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2019-9210 | In AdvanceCOMP 2.1 png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | 2019-02-02T00:00:00.000Z | 2023-05-25T00:00:00.000Z |
| msrc_cve-2019-3816 | Openwsman versions up to and including 2.6.9 are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | 2019-03-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2019-3832 | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. | 2019-03-02T00:00:00.000Z | 2021-01-28T00:00:00.000Z |
| msrc_cve-2019-3833 | Openwsman versions up to and including 2.6.9 are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. | 2019-03-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2019-5737 | In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November, and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. | 2019-03-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2019-6454 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1 causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). | 2019-03-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-9185 | Controller/Async/FilesystemManager.php in the filemanager in Bolt allows remote attacke | 2019-03-02T00:00:00.000Z | 2025-10-01T23:11:03.000Z |
| msrc_cve-2019-9741 | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. | 2019-03-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2016-1585 | AppArmor mount rules grant excessive permissions | 2019-04-02T00:00:00.000Z | 2025-05-02T00:00:00.000Z |
| msrc_cve-2018-20505 | SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 2019-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-20506 | SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. | 2019-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-10906 | In Pallets Jinja before 2.10.1 str.format_map allows a sandbox escape. | 2019-04-02T00:00:00.000Z | 2024-09-23T00:00:00.000Z |
| msrc_cve-2019-11236 | In the urllib3 library through 1.24.1 for Python CRLF injection is possible if the attacker controls the request parameter. | 2019-04-02T00:00:00.000Z | 2020-12-21T00:00:00.000Z |
| msrc_cve-2019-11324 | The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | 2019-04-02T00:00:00.000Z | 2025-09-03T23:00:29.000Z |
| msrc_cve-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | 2019-04-02T00:00:00.000Z | 2025-02-11T00:00:00.000Z |
| msrc_cve-2019-2708 | Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138 prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | 2019-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-3842 | In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configurations to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". | 2019-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-3843 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the UID/GID will be recycled. | 2019-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-3844 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future when the GID will be recycled. | 2019-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-3870 | A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install location. This directory is typically mode 0700 that is owner (root) only access. However in some upgraded installations it will have other permissions such as 0755 because this was the default before Samba 4.8. Within this directory files are created with mode 0666 which is world-writable including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update. | 2019-04-02T00:00:00.000Z | 2024-10-15T00:00:00.000Z |
| msrc_cve-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | 2019-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2019-3887 | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. | 2019-04-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2019-11834 | cJSON before 1.7.11 allows out-of-bounds access related to \x00 in a string literal. | 2019-05-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-11835 | cJSON before 1.7.11 allows out-of-bounds access related to multiline comments. | 2019-05-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2019-12439 | bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR) a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. | 2019-05-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-12450 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead default permissions are used. | 2019-05-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2019-8457 | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. | 2019-05-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-20843 | In libexpat in Expat before 2.2.7 XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | 2019-06-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2019-12280 | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | 2019-06-02T00:00:00.000Z | 2025-10-01T23:11:01.000Z |
| msrc_cve-2019-12735 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim. | 2019-06-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2008-000028 | WEB MART from KENT WEB vulnerable to cross-site scripting | 2008-06-06T12:01+09:00 | 2008-06-06T12:01+09:00 |
| jvndb-2006-000639 | Pixelpost cross-site scripting vulnerability | 2008-06-10T13:57+09:00 | 2008-06-10T13:57+09:00 |
| jvndb-2008-000029 | Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history | 2008-06-10T13:59+09:00 | 2008-06-10T13:59+09:00 |
| jvndb-2008-001043 | X.Org Foundation X server buffer overflow vulnerability | 2008-06-13T17:11+09:00 | 2008-11-21T12:19+09:00 |
| jvndb-2008-000030 | BlognPlus SQL injection vulnerability | 2008-06-20T13:45+09:00 | 2008-06-20T13:45+09:00 |
| jvndb-2008-000031 | CGIWrap error page cross-site scripting vulnerability | 2008-06-20T13:46+09:00 | 2008-06-20T13:46+09:00 |
| jvndb-2008-000032 | nProtect : Netizen denial of service (DoS) vulnerability | 2008-07-07T10:24+09:00 | 2008-07-07T10:24+09:00 |
| jvndb-2008-001417 | Vulnerability in Sample Code in Hitachi uCosminexus Portal Framework Manuals | 2008-07-07T10:38+09:00 | 2008-07-07T10:38+09:00 |
| jvndb-2008-000033 | Multiple Cybozu products vulnerable to cross-site request forgery | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000034 | Cybozu Garoon session fixation vulnerability | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000035 | Cybozu Garoon vulnerable to arbitrary script execution | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000036 | FreeStyleWiki cross-site scripting vulnerability | 2008-07-08T12:14+09:00 | 2008-07-08T12:14+09:00 |
| jvndb-2008-000038 | Redmine vulnerable to cross-site scripting | 2008-07-08T12:15+09:00 | 2008-07-08T12:15+09:00 |
| jvndb-2008-000039 | Safari installed in iPod touch and iPhone vulnerable in handling server certificates | 2008-07-16T12:27+09:00 | 2008-07-16T12:27+09:00 |
| jvndb-2008-000040 | Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins | 2008-07-24T14:22+09:00 | 2008-07-24T14:22+09:00 |
| jvndb-2008-000041 | WebProxy from LunarNight Laboratory vulnerable to cross-site scripting | 2008-07-24T14:23+09:00 | 2008-07-24T14:23+09:00 |
| jvndb-2008-000042 | Multiple Century Systems routers vulnerable to cross-site request forgery | 2008-07-24T14:23+09:00 | 2008-07-24T14:23+09:00 |
| jvndb-2008-000043 | K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting | 2008-07-29T14:56+09:00 | 2008-07-29T14:56+09:00 |
| jvndb-2008-000044 | K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting | 2008-07-29T14:56+09:00 | 2008-07-29T14:56+09:00 |
| jvndb-2008-000045 | Geeklog Forum Plugin vulnerable to cross-site scripting | 2008-07-29T14:57+09:00 | 2008-07-29T14:57+09:00 |
| jvndb-2008-001513 | Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function | 2008-07-30T13:45+09:00 | 2014-05-21T18:19+09:00 |
| jvndb-2008-001514 | Cross-Site Scripting Vulnerability in Hitachi Collaboration - Online Community Management | 2008-07-30T13:46+09:00 | 2008-07-30T13:46+09:00 |
| jvndb-2008-000037 | Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting | 2008-08-04T14:34+09:00 | 2008-08-04T14:34+09:00 |
| jvndb-2008-000050 | Virus Security and Virus Security ZERO denial of service (DoS) vulnerability | 2008-08-14T18:15+09:00 | 2008-08-14T18:15+09:00 |
| jvndb-2008-000046 | La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery | 2008-09-02T16:58+09:00 | 2008-09-02T16:58+09:00 |
| jvndb-2008-000047 | LacoodaST from SpaceTag, Inc. session fixation vulnerability | 2008-09-02T17:01+09:00 | 2008-09-02T17:01+09:00 |
| jvndb-2008-000048 | La!cooda WIZ and LacoodaST vulnerable to cross-site scripting | 2008-09-02T17:02+09:00 | 2008-09-02T17:02+09:00 |
| jvndb-2008-000049 | Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution | 2008-09-02T17:03+09:00 | 2008-09-02T17:03+09:00 |
| jvndb-2008-000053 | mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting | 2008-09-02T17:05+09:00 | 2008-09-02T17:05+09:00 |
| jvndb-2008-000054 | Blogn vulnerable to cross-site request forgery | 2008-09-02T17:22+09:00 | 2008-09-02T17:22+09:00 |