Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-f5x9-j9rr-qwgg | If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in som… | 2022-05-13T01:52:42Z | 2025-11-25T18:32:11Z |
| ghsa-cx2r-fxw7-w76f | In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" … | 2022-05-13T01:52:43Z | 2025-11-25T18:32:13Z |
| ghsa-rvjq-qp5f-gvx6 | VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerabili… | 2022-05-13T01:53:14Z | 2025-10-22T00:31:35Z |
| ghsa-v82r-2hh9-72g8 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to proper… | 2022-05-13T01:53:31Z | 2025-10-22T00:31:35Z |
| ghsa-87h6-m3qc-h3rx | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver im… | 2022-05-13T01:53:40Z | 2025-10-22T00:31:36Z |
| ghsa-mxvv-3vrg-ch3p | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver im… | 2022-05-13T01:53:41Z | 2025-10-22T00:31:36Z |
| ghsa-8587-44mr-xf6j | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to proper… | 2022-05-13T01:53:42Z | 2025-10-22T00:31:36Z |
| ghsa-jw7v-w46m-p6pp | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Lo… | 2022-05-13T01:53:42Z | 2025-10-22T00:31:36Z |
| ghsa-24mr-rp5r-phj8 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obj… | 2022-05-13T01:53:46Z | 2025-10-22T00:31:36Z |
| ghsa-67qx-v8w9-q5x5 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys,… | 2022-05-13T01:53:46Z | 2025-10-22T00:31:36Z |
| ghsa-93mm-g479-2cx4 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to proper… | 2022-05-13T01:53:46Z | 2025-10-22T00:31:36Z |
| ghsa-498p-qg8p-wgxg | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat… | 2022-05-14T00:03:06Z | 2025-10-22T03:30:34Z |
| ghsa-fw99-8m5g-58p8 | Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update… | 2022-05-14T00:03:19Z | 2025-10-22T03:30:31Z |
| ghsa-ch9c-pq9h-jrr9 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 updat… | 2022-05-14T00:03:23Z | 2025-10-22T03:30:31Z |
| ghsa-8x43-549v-7wcw | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.… | 2022-05-14T00:53:46Z | 2025-10-22T00:31:35Z |
| ghsa-rfp6-w338-jp8m | Execution of user supplied Javascript during array deserialization leading to an out of bounds writ… | 2022-05-14T00:53:55Z | 2025-10-22T00:31:36Z |
| ghsa-3fjx-35vx-pq97 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require an… | 2022-05-14T00:55:55Z | 2025-12-18T12:30:27Z |
| ghsa-fj79-76j8-9vjm | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information … | 2022-05-14T00:57:15Z | 2025-10-22T00:31:19Z |
| ghsa-fq8g-m89m-mrw9 | Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before… | 2022-05-14T01:01:34Z | 2025-10-22T00:31:17Z |
| ghsa-7w6v-23gr-722w | Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista … | 2022-05-14T01:02:19Z | 2025-10-22T00:31:10Z |
| ghsa-w64p-pvrc-c5w3 | OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP… | 2022-05-14T01:02:27Z | 2025-10-22T03:30:41Z |
| ghsa-h63q-2463-x5hq | A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive respo… | 2022-05-14T01:02:41Z | 2025-12-19T06:30:27Z |
| ghsa-259r-5hvg-4f6x | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vist… | 2022-05-14T01:02:46Z | 2025-10-22T00:31:09Z |
| ghsa-5c8h-c2cj-96mm | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows … | 2022-05-14T01:02:47Z | 2025-10-22T00:31:11Z |
| ghsa-p8wc-6g47-vh8j | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Window… | 2022-05-14T01:02:48Z | 2025-10-22T03:30:42Z |
| ghsa-fj6j-88c7-c8gx | Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi… | 2022-05-14T01:03:06Z | 2025-10-22T00:31:11Z |
| ghsa-7627-vgq8-rcjv | The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 an… | 2022-05-14T01:03:34Z | 2025-10-22T03:30:35Z |
| ghsa-cm2m-vv5g-hpc2 | The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,… | 2022-05-14T01:03:39Z | 2025-10-22T03:30:37Z |
| ghsa-fprc-fr29-2qmp | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers t… | 2022-05-14T01:03:39Z | 2025-10-22T03:30:36Z |
| ghsa-35f2-76rg-h8vq | ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista… | 2022-05-14T01:05:07Z | 2025-10-22T00:31:10Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2018-15473 | N/A | OpenSSH through 7.7 is prone to a user enumeratio… | n/a | n/a | 2018-08-17T00:00:00.000Z | 2025-12-17T21:22:47.283Z |
| cve-2018-11776 | N/A | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2… | Apache Software Foundation | Apache Struts | 2018-08-22T13:00:00.000Z | 2025-10-21T23:45:48.386Z |
| cve-2018-15919 | N/A | Remotely observable behaviour in auth-gss2.c in O… | n/a | n/a | 2018-08-28T08:00:00.000Z | 2025-12-18T11:48:27.405Z |
| cve-2018-16790 | N/A | _bson_iter_next_internal in bson-iter.c in libbso… | n/a | n/a | 2018-09-10T05:00:00.000Z | 2025-11-03T19:25:21.191Z |
| cve-2018-8440 | N/A | An elevation of privilege vulnerability exists wh… | Microsoft | Windows 7 | 2018-09-13T00:00:00.000Z | 2025-10-21T23:45:48.243Z |
| cve-2018-15961 | N/A | Adobe ColdFusion versions July 12 release (2018.0… | Adobe | ColdFusion | 2018-09-25T13:00:00.000Z | 2025-10-21T23:45:48.090Z |
| cve-2018-16151 | N/A | In verify_emsa_pkcs1_signature() in gmp_rsa_publi… | n/a | n/a | 2018-09-26T21:00:00.000Z | 2025-12-03T20:26:00.122Z |
| cve-2018-16152 | N/A | In verify_emsa_pkcs1_signature() in gmp_rsa_publi… | n/a | n/a | 2018-09-26T21:00:00.000Z | 2025-12-03T20:24:34.312Z |
| cve-2018-8453 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows 7 | 2018-10-10T13:00:00.000Z | 2025-10-21T23:45:47.893Z |
| cve-2018-9206 | N/A | Unauthenticated arbitrary file upload vulnerabili… | Blueimp | Blueimp jQuery-File-Upload | 2018-10-11T15:00:00 | 2025-11-04T14:26:56.318Z |
| cve-2018-14558 | N/A | An issue was discovered on Tenda AC7 devices with… | n/a | n/a | 2018-10-30T18:00:00.000Z | 2025-10-21T23:45:47.726Z |
| cve-2018-14667 | | The RichFaces Framework 3.X through 3.3.4 is vuln… | [UNKNOWN] | RichFaces | 2018-11-06T22:00:00.000Z | 2025-10-21T23:45:47.440Z |
| cve-2018-8581 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Microsoft Exchange Server | 2018-11-14T01:00:00.000Z | 2025-10-21T23:45:47.294Z |
| cve-2018-8589 | N/A | An elevation of privilege vulnerability exists wh… | Microsoft | Windows Server 2008 | 2018-11-14T01:00:00.000Z | 2025-10-21T23:45:47.156Z |
| cve-2018-17463 | N/A | Incorrect side effect annotation in V8 in Google … | Google | Chrome | 2018-11-14T15:00:00.000Z | 2025-10-21T23:45:47.003Z |
| cve-2018-6065 | N/A | Integer overflow in computing the required alloca… | Google | Chrome | 2018-11-14T15:00:00.000Z | 2025-10-21T23:45:46.861Z |
| cve-2018-19410 | N/A | PRTG Network Monitor before 18.2.40.1683 allows r… | n/a | n/a | 2018-11-21T16:00:00.000Z | 2025-10-21T23:45:46.722Z |
| cve-2018-19787 | N/A | An issue was discovered in lxml before 4.2.5. lxm… | n/a | n/a | 2018-12-02T10:00:00.000Z | 2025-12-18T15:15:39.190Z |
| cve-2018-19591 | N/A | In the GNU C Library (aka glibc or libc6) through… | n/a | n/a | 2018-12-04T16:00:00.000Z | 2025-12-03T19:13:21.308Z |
| cve-2018-1000861 | N/A | A code execution vulnerability exists in the Stap… | n/a | n/a | 2018-12-10T14:00:00.000Z | 2025-10-21T23:45:46.593Z |
| cve-2018-17480 | N/A | Execution of user supplied Javascript during arra… | Google | Chrome | 2018-12-11T15:00:00.000Z | 2025-10-21T23:45:46.405Z |
| cve-2018-20062 | N/A | An issue was discovered in NoneCms V1.3. thinkphp… | n/a | n/a | 2018-12-11T18:00:00.000Z | 2025-10-21T23:45:46.278Z |
| cve-2018-8611 | N/A | An elevation of privilege vulnerability exists wh… | Microsoft | Windows 7 | 2018-12-12T00:00:00.000Z | 2025-10-21T23:45:46.145Z |
| cve-2018-8639 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows 7 | 2018-12-12T00:00:00.000Z | 2025-10-21T23:45:46.009Z |
| cve-2018-8653 | N/A | A remote code execution vulnerability exists in t… | Microsoft | Internet Explorer 9 | 2018-12-20T13:00:00.000Z | 2025-10-21T23:45:45.766Z |
| cve-2018-19320 | N/A | The GDrv low-level driver in GIGABYTE APP Center … | n/a | n/a | 2018-12-21T23:00:00.000Z | 2025-10-21T23:45:45.601Z |
| cve-2018-19321 | N/A | The GPCIDrv and GDrv low-level drivers in GIGABYT… | n/a | n/a | 2018-12-21T23:00:00.000Z | 2025-10-21T23:45:45.399Z |
| cve-2018-19322 | N/A | The GPCIDrv and GDrv low-level drivers in GIGABYT… | n/a | n/a | 2018-12-21T23:00:00.000Z | 2025-10-21T23:45:45.244Z |
| cve-2018-19323 | N/A | The GDrv low-level driver in GIGABYTE APP Center … | n/a | n/a | 2018-12-21T23:00:00.000Z | 2025-10-21T23:45:44.914Z |
| cve-2018-20573 | N/A | The Scanner::EnsureTokensInQueue function in yaml… | n/a | n/a | 2018-12-28T16:00:00.000Z | 2025-11-03T21:44:07.301Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2017-13687 | N/A | The Cisco HDLC parser in tcpdump before 4.9.2 has… | n/a | n/a | 2017-09-14T06:00:00.000Z | 2025-12-04T14:35:48.307Z |
| cve-2017-13688 | N/A | The OLSR parser in tcpdump before 4.9.2 has a buf… | n/a | n/a | 2017-09-14T06:00:00.000Z | 2025-12-04T14:23:45.484Z |
| cve-2017-13689 | N/A | The IKEv1 parser in tcpdump before 4.9.2 has a bu… | n/a | n/a | 2017-09-14T06:00:00.000Z | 2025-12-04T14:21:38.055Z |
| cve-2017-9805 | N/A | The REST Plugin in Apache Struts 2.1.1 through 2.… | Apache Software Foundation | Apache Struts | 2017-09-15T19:00:00.000Z | 2025-10-21T23:55:34.589Z |
| cve-2017-9798 | N/A | Apache httpd allows remote attackers to read secr… | Apache Software Foundation | Apache HTTP Server | 2017-09-18T15:00:00.000Z | 2025-11-04T16:09:11.219Z |
| cve-2017-12615 | N/A | When running Apache Tomcat 7.0.0 to 7.0.79 on Win… | Apache Software Foundation | Apache Tomcat | 2017-09-19T13:00:00.000Z | 2025-10-21T23:55:34.335Z |
| cve-2015-1187 | N/A | The ping tool in multiple D-Link and TRENDnet dev… | n/a | n/a | 2017-09-21T16:00:00.000Z | 2025-10-21T23:55:34.177Z |
| cve-2017-12231 | N/A | A vulnerability in the implementation of Network … | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:34.025Z |
| cve-2017-12232 | N/A | A vulnerability in the implementation of a protoc… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.696Z |
| cve-2017-12233 | N/A | Multiple vulnerabilities in the implementation of… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.512Z |
| cve-2017-12234 | N/A | Multiple vulnerabilities in the implementation of… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.317Z |
| cve-2017-12235 | N/A | A vulnerability in the implementation of the PROF… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:33.076Z |
| cve-2017-12237 | N/A | A vulnerability in the Internet Key Exchange Vers… | n/a | Cisco IOS and IOS XE | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.904Z |
| cve-2017-12238 | N/A | A vulnerability in the Virtual Private LAN Servic… | n/a | Cisco IOS | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.747Z |
| cve-2017-12240 | N/A | The DHCP relay subsystem of Cisco IOS 12.2 throug… | n/a | Cisco IOS and IOS XE | 2017-09-28T07:00:00.000Z | 2025-10-21T23:55:32.580Z |
| cve-2017-12617 | N/A | When running Apache Tomcat versions 9.0.0.M1 to 9… | Apache Software Foundation | Apache Tomcat | 2017-10-03T15:00:00.000Z | 2025-10-21T23:55:32.381Z |
| cve-2017-12149 | N/A | In Jboss Application Server as shipped with Red H… | Red Hat, Inc. | jbossas | 2017-10-04T20:00:00.000Z | 2025-10-21T23:55:31.822Z |
| cve-2017-1000253 | N/A | Linux distributions that have not patched their l… | n/a | n/a | 2017-10-04T01:00:00.000Z | 2025-10-21T23:55:32.192Z |
| cve-2017-11774 | N/A | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and … | Microsoft Corporation | Microsoft Outlook | 2017-10-13T13:00:00.000Z | 2025-10-21T23:55:31.465Z |
| cve-2017-11826 | N/A | Microsoft Office 2010, SharePoint Enterprise Serv… | Microsoft Corporation | Microsoft Office | 2017-10-13T13:00:00.000Z | 2025-10-21T23:55:31.281Z |
| cve-2017-10271 | N/A | Vulnerability in the Oracle WebLogic Server compo… | Oracle Corporation | WebLogic Server | 2017-10-19T17:00:00.000Z | 2025-10-21T23:55:31.111Z |
| cve-2017-11292 | N/A | Adobe Flash Player version 27.0.0.159 and earlier… | n/a | Adobe Flash Player version 27.0.0.159 and earlier | 2017-10-21T05:00:00.000Z | 2025-10-21T23:55:30.944Z |
| cve-2017-5070 | N/A | Type confusion in V8 in Google Chrome prior to 59… | n/a | Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android | 2017-10-27T05:00:00.000Z | 2025-10-21T23:55:30.609Z |
| cve-2017-16651 | N/A | Roundcube Webmail before 1.1.10, 1.2.x before 1.2… | n/a | n/a | 2017-11-09T14:00:00.000Z | 2025-10-21T23:55:30.379Z |
| cve-2017-11882 | N/A | Microsoft Office 2007 Service Pack 3, Microsoft O… | Microsoft Corporation | Microsoft Office | 2017-11-15T03:00:00.000Z | 2025-10-21T23:55:30.163Z |
| cve-2017-1000218 | N/A | LightFTP version 1.1 is vulnerable to a buffer ov… | n/a | n/a | 2017-11-17T00:00:00Z | 2024-09-16T17:15:03.605Z |
| cve-2017-1000234 | N/A | I, Librarian version <=4.6 & 4.7 is vulnerable to… | n/a | n/a | 2017-11-17T04:00:00Z | 2024-09-17T00:36:36.282Z |
| cve-2017-1000235 | N/A | I, Librarian version <=4.6 & 4.7 is vulnerable to… | n/a | n/a | 2017-11-17T04:00:00Z | 2024-09-16T17:24:10.095Z |
| cve-2017-1000236 | N/A | I, Librarian version <=4.6 & 4.7 is vulnerable to… | n/a | n/a | 2017-11-17T04:00:00Z | 2024-09-17T03:22:42.978Z |
| cve-2017-1000237 | N/A | I, Librarian version <=4.6 & 4.7 is vulnerable to… | n/a | n/a | 2017-11-17T04:00:00Z | 2024-09-17T03:01:58.931Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2024-10062 | Malicious code in openaes (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10063 | Malicious code in openasea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10064 | Malicious code in openeaa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10065 | Malicious code in openeasea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10066 | Malicious code in openes (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10067 | Malicious code in openesa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10068 | Malicious code in openesaa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10069 | Malicious code in openrea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10070 | Malicious code in openresa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10071 | Malicious code in openrsea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10072 | Malicious code in opensa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10073 | Malicious code in opensae (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10074 | Malicious code in opensar (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10075 | Malicious code in openseaa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10076 | Malicious code in opensead (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10077 | Malicious code in openseae (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10078 | Malicious code in opensear (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10079 | Malicious code in openseax (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10080 | Malicious code in openseaz (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10081 | Malicious code in opensee (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10082 | Malicious code in openseea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10083 | Malicious code in opensesa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10084 | Malicious code in opensew (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10085 | Malicious code in openswa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10086 | Malicious code in openwae (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10087 | Malicious code in openwea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10088 | Malicious code in openwsaa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10089 | Malicious code in openwse (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10090 | Malicious code in openwsea (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| mal-2024-10091 | Malicious code in openxsa (PyPI) | 2024-06-28T20:16:20Z | 2025-12-11T09:27:53Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2004:504 | Red Hat Security Advisory: Updated Itanium kernel packages resolve security issues | 2004-12-13T20:17:00+00:00 | 2025-11-21T17:27:50+00:00 |
| rhsa-2004:634 | Red Hat Security Advisory: zip security update | 2004-12-16T20:49:00+00:00 | 2025-11-21T17:27:58+00:00 |
| rhsa-2004:650 | Red Hat Security Advisory: libxml security update | 2004-12-16T20:52:00+00:00 | 2025-11-21T17:28:01+00:00 |
| rhsa-2004:670 | Red Hat Security Advisory: samba security update | 2004-12-16T21:08:00+00:00 | 2025-11-21T17:28:04+00:00 |
| rhsa-2004:638 | Red Hat Security Advisory: gd security update | 2004-12-17T09:54:00+00:00 | 2025-11-21T17:28:03+00:00 |
| rhsa-2004:610 | Red Hat Security Advisory: XFree86 security update | 2004-12-20T09:38:00+00:00 | 2025-11-21T17:27:57+00:00 |
| rhsa-2004:653 | Red Hat Security Advisory: apache, mod_ssl security update for Stronghold | 2004-12-20T16:40:00+00:00 | 2025-11-21T17:28:02+00:00 |
| rhsa-2004:489 | Red Hat Security Advisory: rh-postgresql security update | 2004-12-20T17:54:00+00:00 | 2025-11-21T17:27:48+00:00 |
| rhsa-2004:583 | Red Hat Security Advisory: nfs-utils security update | 2004-12-20T17:57:00+00:00 | 2025-11-21T17:27:54+00:00 |
| rhsa-2004:586 | Red Hat Security Advisory: glibc security update | 2004-12-20T18:14:00+00:00 | 2025-11-21T17:27:55+00:00 |
| rhsa-2004:612 | Red Hat Security Advisory: XFree86 security update | 2004-12-20T18:57:00+00:00 | 2025-11-21T17:27:58+00:00 |
| rhsa-2004:687 | Red Hat Security Advisory: php security update | 2004-12-21T18:52:00+00:00 | 2025-11-21T17:28:05+00:00 |
| rhsa-2004:681 | Red Hat Security Advisory: samba security update | 2004-12-21T18:57:00+00:00 | 2025-11-21T17:28:06+00:00 |
| rhsa-2004:674 | Red Hat Security Advisory: acroread security update | 2004-12-23T09:10:00+00:00 | 2025-11-21T17:28:04+00:00 |
| rhsa-2004:654 | Red Hat Security Advisory: squirrelmail security update | 2004-12-23T20:23:00+00:00 | 2025-11-21T17:28:03+00:00 |
| rhsa-2004:689 | Red Hat Security Advisory: kernel security update | 2004-12-23T20:47:00+00:00 | 2025-11-21T17:28:06+00:00 |
| rhsa-2005:010 | Red Hat Security Advisory: vim security update | 2005-01-05T15:38:00+00:00 | 2025-11-21T17:28:08+00:00 |
| rhsa-2005:020 | Red Hat Security Advisory: samba security update | 2005-01-05T15:40:00+00:00 | 2025-11-21T17:28:12+00:00 |
| rhsa-2005:005 | Red Hat Security Advisory: fam security update | 2005-01-05T15:41:00+00:00 | 2025-11-21T17:28:08+00:00 |
| rhsa-2005:030 | Red Hat Security Advisory: Netscape Directory Server security update | 2005-01-11T12:09:00+00:00 | 2025-11-21T17:28:14+00:00 |
| rhsa-2005:007 | Red Hat Security Advisory: unarj security update | 2005-01-12T18:38:00+00:00 | 2025-11-21T17:28:06+00:00 |
| rhsa-2005:015 | Red Hat Security Advisory: pine security update | 2005-01-12T18:40:00+00:00 | 2025-11-21T17:28:10+00:00 |
| rhsa-2005:018 | Red Hat Security Advisory: xpdf security update | 2005-01-12T18:43:00+00:00 | 2025-11-21T17:28:12+00:00 |
| rhsa-2005:004 | Red Hat Security Advisory: lesstif security update | 2005-01-12T18:44:00+00:00 | 2025-11-21T17:28:06+00:00 |
| rhsa-2005:013 | Red Hat Security Advisory: cups security update | 2005-01-12T18:47:00+00:00 | 2025-11-21T17:28:10+00:00 |
| rhsa-2005:014 | Red Hat Security Advisory: nfs-utils security update | 2005-01-12T18:48:00+00:00 | 2025-11-21T17:28:10+00:00 |
| rhsa-2005:019 | Red Hat Security Advisory: libtiff security update | 2005-01-13T13:21:00+00:00 | 2025-11-21T17:28:12+00:00 |
| rhsa-2005:043 | Red Hat Security Advisory: kernel security update | 2005-01-18T23:52:00+00:00 | 2025-11-21T17:28:18+00:00 |
| rhsa-2005:031 | Red Hat Security Advisory: php security update | 2005-01-19T18:46:00+00:00 | 2025-11-21T17:28:15+00:00 |
| rhsa-2005:012 | Red Hat Security Advisory: krb5 security update | 2005-01-19T18:51:00+00:00 | 2025-11-21T17:28:08+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2018-21232 | re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. | 2020-04-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2020-11102 | hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. | 2020-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-11494 | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data potentially containing sensitive information from kernel stack memory if the configuration lacks CONFIG_INIT_STACK_ALL aka CID-b9258a2cece4. | 2020-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-11501 | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. | 2020-04-02T00:00:00.000Z | 2020-09-09T00:00:00.000Z |
| msrc_cve-2020-11565 | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user so triggering the bug does not grant any powers not already held.” | 2020-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-11608 | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints aka CID-998912346c0d. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-11609 | An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors as demonstrated by a NULL pointer dereference aka CID-485b06aadb93. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-11655 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 2020-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2020-11656 | In SQLite through 3.31.1 the ALTER TABLE implementation has a use-after-free as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 2020-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2020-11668 | In the Linux kernel before 5.6.1 drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors aka CID-a246b4d54770. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-11725 | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE have been designed to misuse the info->owner field in a safe way | 2020-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-11869 | An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process resulting in a denial of service. | 2020-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-11884 | In the Linux kernel 4.19 through 5.6.7 on the s390 platform code execution may occur because of a race condition as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade aka CID-3f777e19d171. A crash could also occur. | 2020-04-02T00:00:00.000Z | 2020-11-10T00:00:00.000Z |
| msrc_cve-2020-12464 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference aka CID-056ad39ee925. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-12465 | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10 aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-1751 | An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically the backtrace function did not properly check the array bounds when storing the frame address resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-1752 | A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that when processed by the glob function would potentially lead to arbitrary code execution. This was fixed in version 2.32. | 2020-04-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-6096 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy() this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. | 2020-04-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2018-20225 | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely | 2020-05-02T00:00:00.000Z | 2025-10-01T23:11:01.000Z |
| msrc_cve-2019-20794 | An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace and mount a FUSE filesystem. Upon interaction with this FUSE filesystem if the userspace component is terminated via a kill of the PID namespace's pid 1 it will result in a hung task and resources being permanently locked up until system reboot. This can result in resource exhaustion. | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2019-20807 | In Vim before 8.1.0881 users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g. Python Ruby or Lua). | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-10690 | There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-10711 | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine it sets the security attribute to indicate that the category bitmap is present even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel resulting in a denial of service. | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-10722 | A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | 2020-05-02T00:00:00.000Z | 2025-09-03T20:43:23.000Z |
| msrc_cve-2020-10723 | A memory corruption issue was found in DPDK versions 17.05 and above | 2020-05-02T00:00:00.000Z | 2025-09-03T22:10:21.000Z |
| msrc_cve-2020-10724 | A vulnerability was found in DPDK versions 18.11 and above | 2020-05-02T00:00:00.000Z | 2025-09-03T21:55:35.000Z |
| msrc_cve-2020-10744 | An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12 and 2.9.9 as well as previous versions are affected, and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. | 2020-05-02T00:00:00.000Z | 2020-08-18T00:00:00.000Z |
| msrc_cve-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-12653 | An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-12654 | An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. | 2020-05-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2010-000008 | Compiere vulnerable to cross-site scripting | 2010-04-02T17:32+09:00 | 2010-04-02T17:32+09:00 |
| jvndb-2010-000009 | Compiere vulnerable to cross-site scripting | 2010-04-02T17:32+09:00 | 2010-04-02T17:32+09:00 |
| jvndb-2010-000010 | HL-SiteManager vulnerable to SQL injection | 2010-04-02T17:33+09:00 | 2010-04-02T17:33+09:00 |
| jvndb-2010-000011 | Internet Explorer information disclosure vulnerability | 2010-04-08T17:47+09:00 | 2010-04-08T17:47+09:00 |
| jvndb-2010-000012 | MODx vulnerable to SQL injection | 2010-04-08T17:47+09:00 | 2010-04-08T17:47+09:00 |
| jvndb-2010-000013 | MODx vulnerable to cross-site scripting | 2010-04-08T17:47+09:00 | 2010-04-08T17:47+09:00 |
| jvndb-2010-000014 | Cisco Router and Security Device Manager vulnerable to cross-site scripting | 2010-04-08T17:47+09:00 | 2010-04-08T17:47+09:00 |
| jvndb-2010-001204 | Accela BizSearch Access Control Bypass Vulnerability | 2010-04-09T16:36+09:00 | 2010-04-09T16:36+09:00 |
| jvndb-2010-000015 | Ichitaro series vulnerable to arbitrary code execution | 2010-04-12T17:17+09:00 | 2010-04-12T17:17+09:00 |
| jvndb-2010-000016 | Multiple Cybozu products vulnerable to authentication bypass | 2010-04-21T17:27+09:00 | 2010-04-21T17:27+09:00 |
| jvndb-2010-000017 | Movable Type vulnerable to cross-site scripting | 2010-05-12T15:25+09:00 | 2010-05-12T15:25+09:00 |
| jvndb-2010-000018 | Interstage Application Server vulnerable in request processing | 2010-05-17T16:42+09:00 | 2010-05-17T16:42+09:00 |
| jvndb-2010-000019 | WebSAM DeploymentManager vulnerable to denial of service | 2010-05-17T16:42+09:00 | 2010-05-17T16:42+09:00 |
| jvndb-2010-000020 | CapsSuite Small Edition PatchMeister vulnerable to denial of service | 2010-05-17T16:43+09:00 | 2010-05-17T16:43+09:00 |
| jvndb-2010-001395 | Several EUR Form/EUR Products Arbitrary Code Execution Vulnerability | 2010-05-18T11:33+09:00 | 2010-05-18T11:33+09:00 |
| jvndb-2010-001427 | XMAP3 Arbitrary Code Execution Vulnerability | 2010-05-18T11:34+09:00 | 2010-05-18T11:34+09:00 |
| jvndb-2010-000024 | Ichitaro series vulnerable to arbitrary code execution | 2010-06-01T17:37+09:00 | 2010-06-01T17:37+09:00 |
| jvndb-2010-000021 | e-Pares vulnerable to cross-site scripting | 2010-06-03T11:29+09:00 | 2010-06-03T11:29+09:00 |
| jvndb-2010-000022 | e-Pares vulnerable to cross-site request forgery | 2010-06-03T11:29+09:00 | 2010-06-03T11:29+09:00 |
| jvndb-2010-000023 | e-Pares vulnerable to session fixation | 2010-06-03T11:29+09:00 | 2010-06-03T11:29+09:00 |
| jvndb-2010-001494 | Arbitrary Code Execution Vulnerability in CA ARCserve Backup and BrightStor ARCserve Backup | 2010-06-08T14:03+09:00 | 2010-06-08T14:03+09:00 |
| jvndb-2010-001495 | Stack-Based Buffer Overflow Vulnerability in Collaboration Common Utility | 2010-06-08T14:03+09:00 | 2010-06-08T14:03+09:00 |
| jvndb-2010-000025 | Multiple vulnerabilities in ActiveGeckoBrowser | 2010-06-17T19:50+09:00 | 2010-06-17T19:50+09:00 |
| jvndb-2010-001518 | TP1/Message Control Denial of Service (DoS) Vulnerability | 2010-06-22T11:23+09:00 | 2010-06-22T11:23+09:00 |
| jvndb-2010-001519 | Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication | 2010-06-22T11:23+09:00 | 2010-06-22T11:23+09:00 |
| jvndb-2010-001520 | Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability | 2010-06-22T11:23+09:00 | 2010-06-22T11:23+09:00 |
| jvndb-2010-001534 | Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function | 2010-06-22T11:24+09:00 | 2010-06-22T11:24+09:00 |
| jvndb-2010-000026 | Explzh buffer overflow vulnerability | 2010-06-22T16:37+09:00 | 2010-06-22T16:37+09:00 |
| jvndb-2010-001545 | Forced Shutdown or Restart with JP1/ServerConductor/Deployment Manager | 2010-06-29T15:35+09:00 | 2010-06-29T15:35+09:00 |
| jvndb-2010-001719 | Internet Navigware Server Information Disclosure Vulnerability | 2010-07-28T18:14+09:00 | 2010-07-28T18:14+09:00 |