Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-hhcx-w758-8p3p | The content security policy (CSP) "sandbox" directive did not create a unique origin for the docume… | 2022-05-14T03:08:37Z | 2025-11-25T18:32:10Z |
| ghsa-27h4-qjq2-62v3 | A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF t… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:11Z |
| ghsa-2f4j-64mc-h8m2 | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:09Z |
| ghsa-3rhj-p6qq-r5mv | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE grap… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:11Z |
| ghsa-4v77-6pxw-9whf | A mechanism to bypass file system access protections in the sandbox to use the file picker to acces… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:08Z |
| ghsa-56mj-fm7c-959m | A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window … | 2022-05-14T03:08:38Z | 2025-11-25T18:32:09Z |
| ghsa-9m9q-2r2h-7j8v | A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Appli… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:10Z |
| ghsa-crj5-jxxg-27p8 | A use-after-free vulnerability can occur in design mode when image objects are resized if objects r… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:10Z |
| ghsa-gvp7-j4mc-vqc9 | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:10Z |
| ghsa-hx2v-35mh-6pxc | If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:te… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:07Z |
| ghsa-jhx9-2v44-3f39 | The Pocket toolbar button, once activated, listens for events fired from its own pages but does no… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:06Z |
| ghsa-jqh9-5c52-gwx9 | A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:08Z |
| ghsa-vvjr-2r7m-cm7q | A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur"… | 2022-05-14T03:08:38Z | 2025-11-25T18:32:08Z |
| ghsa-4x26-g6p5-4wpg | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these b… | 2022-05-14T03:08:42Z | 2025-11-25T18:32:08Z |
| ghsa-2f28-6595-fhpf | A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. … | 2022-05-14T03:09:02Z | 2025-11-25T18:32:07Z |
| ghsa-cmgc-v5fc-wx68 | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulne… | 2022-05-14T03:09:02Z | 2025-10-22T00:31:36Z |
| ghsa-wwm5-654g-jj42 | An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This i… | 2022-05-14T03:09:03Z | 2025-11-25T18:32:04Z |
| ghsa-x8jx-j549-3mc7 | A use-after-free vulnerability can occur in the compositor during certain graphics operations when … | 2022-05-14T03:09:04Z | 2025-11-25T18:32:13Z |
| ghsa-3x73-p8v6-p37w | A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Re… | 2022-05-14T03:09:08Z | 2025-11-25T18:32:08Z |
| ghsa-3p4h-hgf4-rvgh | The Firefox installer on Windows can be made to load malicious DLL files stored in the same directo… | 2022-05-14T03:09:09Z | 2025-11-25T18:32:08Z |
| ghsa-48r8-78r7-q4f3 | A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a … | 2022-05-14T03:09:09Z | 2025-11-25T18:32:08Z |
| ghsa-22wm-h2wq-6vm3 | A use-after-free vulnerability can occur while editing events in form elements on a page, resulting… | 2022-05-14T03:09:40Z | 2025-11-25T18:32:11Z |
| ghsa-9m53-4c27-h8f5 | A use-after-free can occur when events are fired for a "FontFace" object after the object has been … | 2022-05-14T03:09:40Z | 2025-11-25T18:32:07Z |
| ghsa-qhch-r8x3-jvqq | A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a … | 2022-05-14T03:09:40Z | 2025-11-25T18:32:07Z |
| ghsa-rcwj-h3fp-5w66 | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScr… | 2022-05-14T03:09:40Z | 2025-11-25T18:32:07Z |
| ghsa-vv4c-g69x-3f3f | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protectio… | 2022-05-14T03:09:40Z | 2025-11-25T18:32:07Z |
| ghsa-whvc-wc3m-jcv5 | Video files loaded video captions cross-origin without checking for the presence of CORS headers pe… | 2022-05-14T03:09:40Z | 2025-11-25T18:32:07Z |
| ghsa-2m8q-984r-f6q8 | A use-after-free error can occur when manipulating ranges in selections with one node inside a nati… | 2022-05-14T03:09:41Z | 2025-11-25T18:32:07Z |
| ghsa-3mv8-qr3m-89rv | Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the ad… | 2022-05-14T03:10:11Z | 2025-11-25T18:32:10Z |
| ghsa-ggg7-2mjh-7h65 | The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious cod… | 2022-05-14T03:10:11Z | 2025-11-25T18:32:09Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2019-4716 | | IBM Planning Analytics 2.0.0 through 2.0.8 is vul… | IBM | Planning Analytics | 2019-12-18T16:15:16.452Z | 2025-10-21T23:35:55.984Z |
| cve-2019-7287 | N/A | A memory corruption issue was addressed with impr… | Apple | iOS | 2019-12-18T17:33:15.000Z | 2025-10-21T23:35:55.813Z |
| cve-2019-7286 | N/A | A memory corruption issue was addressed with impr… | Apple | iOS | 2019-12-18T17:33:16.000Z | 2025-10-21T23:35:55.589Z |
| cve-2019-8506 | N/A | A type confusion issue was addressed with improve… | Apple | iOS | 2019-12-18T17:33:16.000Z | 2025-10-21T23:35:55.429Z |
| cve-2019-8526 | N/A | A use after free issue was addressed with improve… | Apple | macOS | 2019-12-18T17:33:16.000Z | 2025-10-21T23:35:55.289Z |
| cve-2019-8605 | N/A | A use after free issue was addressed with improve… | Apple | iOS | 2019-12-18T17:33:18.000Z | 2025-10-21T23:35:55.110Z |
| cve-2019-1387 | N/A | An issue was found in Git before v2.24.1, v2.23.1… | Microsoft Corporation | Git | 2019-12-18T20:11:53.000Z | 2025-11-04T16:09:13.231Z |
| cve-2019-7483 | N/A | In SonicWall SMA100, an unauthenticated Directory… | SonicWall | SMA100 | 2019-12-19T00:35:43.000Z | 2025-10-21T23:35:54.935Z |
| cve-2019-19956 | N/A | xmlParseBalancedChunkMemoryRecover in parser.c in… | n/a | n/a | 2019-12-24T15:12:57.000Z | 2025-12-03T18:29:29.480Z |
| cve-2019-10758 | N/A | mongo-express before 0.54.0 is vulnerable to Remo… | n/a | mongo-express | 2019-12-24T21:08:36.000Z | 2025-10-21T23:35:54.793Z |
| cve-2019-19781 | N/A | An issue was discovered in Citrix Application Del… | n/a | n/a | 2019-12-27T13:06:46.000Z | 2025-10-21T23:35:54.648Z |
| cve-2019-20085 | N/A | TVT NVMS-1000 devices allow GET /.. Directory Traversal | n/a | n/a | 2019-12-30T02:28:29.000Z | 2025-10-21T23:35:54.497Z |
| cve-2019-17621 | N/A | The UPnP endpoint URL /gena.cgi in the D-Link DIR… | n/a | n/a | 2019-12-30T16:09:17.000Z | 2025-10-21T23:35:54.315Z |
| cve-2019-17558 | N/A | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulner… | n/a | Apache Solr | 2019-12-30T16:36:08.000Z | 2025-10-21T23:35:54.150Z |
| cve-2020-5510 | N/A | PHPGurukul Hostel Management System v2.0 allows S… | n/a | n/a | 2020-01-08T17:32:49.000Z | 2025-11-11T18:20:39.843Z |
| cve-2020-0601 | N/A | A spoofing vulnerability exists in the way Window… | Microsoft | Windows | 2020-01-14T23:11:20.000Z | 2025-10-21T23:35:53.978Z |
| cve-2020-0638 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows | 2020-01-14T23:11:35.000Z | 2025-10-21T23:35:53.819Z |
| cve-2020-0646 | N/A | A remote code execution vulnerability exists when… | Microsoft | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | 2020-01-14T23:11:38.000Z | 2025-10-21T23:35:53.664Z |
| cve-2020-2551 | | Vulnerability in the Oracle WebLogic Server produ… | Oracle Corporation | WebLogic Server | 2020-01-15T16:34:00.000Z | 2025-10-21T23:35:53.506Z |
| cve-2020-2555 | | Vulnerability in the Oracle Coherence product of … | Oracle Corporation | WebCenter Portal | 2020-01-15T16:34:00.000Z | 2025-10-21T23:35:53.314Z |
| cve-2019-18426 | N/A | A vulnerability in WhatsApp Desktop versions prio… | Facebook | WhatsApp Desktop | 2020-01-21T20:30:15.000Z | 2025-10-21T23:35:53.174Z |
| cve-2019-20388 | N/A | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10… | n/a | n/a | 2020-01-21T22:53:50.000Z | 2025-12-17T21:50:14.836Z |
| cve-2020-7595 | N/A | xmlStringLenDecodeEntities in parser.c in libxml2… | n/a | n/a | 2020-01-21T22:54:14.000Z | 2025-12-03T15:50:13.875Z |
| cve-2020-7247 | N/A | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6,… | n/a | n/a | 2020-01-29T15:53:18.000Z | 2025-10-21T23:35:53.008Z |
| cve-2020-8515 | N/A | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Bet… | n/a | n/a | 2020-02-01T12:36:59.000Z | 2025-10-21T23:35:52.845Z |
| cve-2020-8597 | N/A | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an r… | n/a | n/a | 2020-02-03T22:58:21.000Z | 2025-12-03T15:15:50.472Z |
| cve-2020-3118 | | Cisco IOS XR Software Cisco Discovery Protocol Format … | Cisco | Cisco IOS XR Software | 2020-02-05T17:40:16.080Z | 2025-10-21T23:35:52.708Z |
| cve-2020-8644 | N/A | PlaySMS before 1.4.3 does not sanitize inputs fro… | n/a | n/a | 2020-02-05T21:03:11.000Z | 2025-10-21T23:35:52.570Z |
| cve-2020-8657 | N/A | An issue was discovered in EyesOfNetwork 5.3. The… | n/a | n/a | 2020-02-06T17:48:08.000Z | 2025-10-21T23:35:52.410Z |
| cve-2020-8655 | N/A | An issue was discovered in EyesOfNetwork 5.3. The… | n/a | n/a | 2020-02-06T23:58:09.000Z | 2025-10-21T23:35:52.277Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2017-7779 | N/A | Memory safety bugs were reported in Firefox 54, F… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.265Z |
| cve-2017-7782 | N/A | An error in the "WindowsDllDetourPatcher" where a… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.408Z |
| cve-2017-7785 | N/A | A buffer overflow can occur when manipulating Acc… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.371Z |
| cve-2017-7791 | N/A | On pages containing an iframe, the "data:" protoc… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.504Z |
| cve-2017-7792 | N/A | A buffer overflow will occur when viewing a certi… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.356Z |
| cve-2017-7793 | N/A | A use-after-free vulnerability can occur in the F… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.398Z |
| cve-2017-7798 | N/A | The Developer Tools feature suffers from a XUL in… | Mozilla | Firefox ESR | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.384Z |
| cve-2017-7800 | N/A | A use-after-free vulnerability can occur in WebSo… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.512Z |
| cve-2017-7801 | N/A | A use-after-free vulnerability can occur while re… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.379Z |
| cve-2017-7802 | N/A | A use-after-free vulnerability can occur when man… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.392Z |
| cve-2017-7803 | N/A | When a page's content security policy (CSP) heade… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.433Z |
| cve-2017-7804 | N/A | The destructor function for the "WindowsDllDetour… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.400Z |
| cve-2017-7807 | N/A | A mechanism that uses AppCache to hijack a URL in… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.435Z |
| cve-2017-7809 | N/A | A use-after-free vulnerability can occur when an … | n/a | n/a | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.364Z |
| cve-2017-7810 | N/A | Memory safety bugs were reported in Firefox 55 an… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.494Z |
| cve-2017-7814 | N/A | File downloads encoded with "blob:" and "data:" U… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.371Z |
| cve-2017-7818 | N/A | A use-after-free vulnerability can occur when man… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.417Z |
| cve-2017-7819 | N/A | A use-after-free vulnerability can occur in desig… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.511Z |
| cve-2017-7823 | N/A | The content security policy (CSP) "sandbox" direc… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.434Z |
| cve-2017-7824 | N/A | A buffer overflow occurs when drawing and validat… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.449Z |
| cve-2017-7825 | N/A | Several fonts on OS X display some Tibetan and Ar… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.365Z |
| cve-2017-7826 | N/A | Memory safety bugs were reported in Firefox 56 an… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:12:28.321Z |
| cve-2017-7828 | N/A | A use-after-free vulnerability can occur when flu… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:19:27.680Z |
| cve-2017-7830 | N/A | The Resource Timing API incorrectly revealed navi… | Mozilla | Firefox | 2018-06-11T21:00:00 | 2024-08-05T16:19:27.734Z |
| cve-2017-7843 | N/A | When Private Browsing mode is used, it is possibl… | Mozilla | Firefox ESR | 2018-06-11T21:00:00 | 2024-08-05T16:19:28.564Z |
| cve-2017-7845 | N/A | A buffer overflow occurs when drawing and validat… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T16:19:28.566Z |
| cve-2018-5089 | N/A | Memory safety bugs were reported in Firefox 57 an… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T05:26:47.041Z |
| cve-2018-5091 | N/A | A use-after-free vulnerability can occur during W… | Mozilla | Firefox ESR | 2018-06-11T21:00:00 | 2024-08-05T05:26:46.599Z |
| cve-2018-5095 | N/A | An integer overflow vulnerability in the Skia lib… | Mozilla | Thunderbird | 2018-06-11T21:00:00 | 2024-08-05T05:26:46.649Z |
| cve-2018-5096 | N/A | A use-after-free vulnerability can occur while ed… | Mozilla | Firefox ESR | 2018-06-11T21:00:00 | 2024-08-05T05:26:46.688Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2024-12319 | Malicious code in openai-py3 (PyPI) | 2024-07-09T18:52:06Z | 2025-12-11T09:27:53Z |
| mal-0000-kam193-2384ead182322f38 | Malicious code in fasdghjkhjafsd (PyPI) | 2024-07-11T12:37:19Z | 2024-07-11T12:37:19Z |
| mal-0000-kam193-f6987c03f6e0e923 | Malicious code in fasdghjkhjafsd (PyPI) | 2024-07-11T12:37:19Z | 2024-07-11T12:37:19Z |
| mal-2024-12271 | Malicious code in fasdghjkhjafsd (PyPI) | 2024-07-11T12:37:19Z | 2025-12-11T09:27:53Z |
| mal-2024-7839 | Malicious code in testjsonn1 (PyPI) | 2024-07-21T01:02:37Z | 2025-12-11T09:27:54Z |
| mal-2024-7838 | Malicious code in testjson3 (PyPI) | 2024-07-21T01:25:45Z | 2025-12-11T09:27:54Z |
| mal-2024-7840 | Malicious code in testjsonn2 (PyPI) | 2024-07-21T01:28:21Z | 2025-12-11T09:27:54Z |
| mal-0000-kam193-0d75d52ae07c9c9e | Malicious code in testjsonn2 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-23725a4f8bef9ce5 | Malicious code in testjson3 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-23c1a7041a4424ef | Malicious code in gentorqkkh1 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-4cce90d464a762cc | Malicious code in testjsonn1 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-619c1c18a2867ae5 | Malicious code in gentorqkkh (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-783bce620b6d8288 | Malicious code in testjson3 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-9ca822b55fdf080d | Malicious code in testjsonn2 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-a3d98ba1080ae4e7 | Malicious code in gentorqkkh1 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-d6d9d057c596541a | Malicious code in gentorqkkh (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-0000-kam193-d8b57f71eadeb645 | Malicious code in testjsonn1 (PyPI) | 2024-07-21T11:39:54Z | 2024-07-21T11:39:54Z |
| mal-2024-10030 | Malicious code in gentorqkkh (PyPI) | 2024-07-21T11:39:54Z | 2025-12-11T09:27:53Z |
| mal-2024-10031 | Malicious code in gentorqkkh1 (PyPI) | 2024-07-21T11:39:54Z | 2025-12-11T09:27:53Z |
| mal-0000-kam193-0d894aaf391a92c4 | Pentesting or research code in asptcer (PyPI) | 2024-07-21T17:46:21Z | 2024-07-21T17:46:21Z |
| mal-0000-kam193-177fad5db442840c | Pentesting or research code in hexteamibm (PyPI) | 2024-07-21T17:46:21Z | 2024-07-21T17:46:21Z |
| mal-0000-kam193-7e39a6455fe7cac6 | Pentesting or research code in hexteamibm (PyPI) | 2024-07-21T17:46:21Z | 2024-07-21T17:46:21Z |
| mal-0000-kam193-f6112b61a7030419 | Pentesting or research code in asptcer (PyPI) | 2024-07-21T17:46:21Z | 2024-07-21T17:46:21Z |
| mal-2024-12207 | Malicious code in asptcer (PyPI) | 2024-07-21T17:46:21Z | 2025-12-11T09:27:52Z |
| mal-2024-12285 | Malicious code in hexteamibm (PyPI) | 2024-07-21T17:46:21Z | 2025-12-11T09:27:53Z |
| mal-2024-7783 | Malicious code in chromestatus-openapi (npm) | 2024-07-22T12:58:52Z | 2025-10-30T06:50:51Z |
| mal-0000-kam193-1918134ca56ca1e6 | Pentesting or research code in popeye-xyz (PyPI) | 2024-07-22T20:38:38Z | 2024-07-22T20:38:38Z |
| mal-0000-kam193-583bf7b6e6437de0 | Pentesting or research code in popeye-xyz (PyPI) | 2024-07-22T20:38:38Z | 2024-07-22T20:38:38Z |
| mal-0000-kam193-92a9a2d167594b96 | Pentesting or research code in me-dheeraj-moye-moye (PyPI) | 2024-07-22T20:38:38Z | 2024-07-22T20:38:38Z |
| mal-0000-kam193-940ada25d3157d4f | Pentesting or research code in popeye-pip-v3 (PyPI) | 2024-07-22T20:38:38Z | 2024-07-22T20:38:38Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2005:517 | Red Hat Security Advisory: HelixPlayer security update | 2005-06-23T19:31:00+00:00 | 2025-11-21T17:29:14+00:00 |
| rhsa-2005:535 | Red Hat Security Advisory: sudo security update | 2005-06-29T15:54:00+00:00 | 2025-11-21T17:29:21+00:00 |
| rhsa-2005:569 | Red Hat Security Advisory: zlib security update | 2005-07-06T14:30:00+00:00 | 2025-11-21T17:29:18+00:00 |
| rhsa-2005:564 | Red Hat Security Advisory: php security update | 2005-07-07T19:56:00+00:00 | 2025-11-21T17:29:17+00:00 |
| rhsa-2005:575 | Red Hat Security Advisory: Adobe Acrobat Reader security update | 2005-07-08T19:40:00+00:00 | 2025-11-21T17:29:22+00:00 |
| rhsa-2005:562 | Red Hat Security Advisory: krb5 security update | 2005-07-12T18:12:00+00:00 | 2025-11-21T17:29:16+00:00 |
| rhsa-2005:567 | Red Hat Security Advisory: krb5 security update | 2005-07-12T18:15:00+00:00 | 2025-11-21T17:29:18+00:00 |
| rhsa-2005:571 | Red Hat Security Advisory: cups security update | 2005-07-14T17:48:00+00:00 | 2025-11-21T17:29:18+00:00 |
| rhsa-2005:586 | Red Hat Security Advisory: firefox security update | 2005-07-21T10:14:00+00:00 | 2025-11-21T17:29:21+00:00 |
| rhsa-2005:601 | Red Hat Security Advisory: thunderbird security update | 2005-07-21T17:42:00+00:00 | 2025-11-21T17:29:23+00:00 |
| rhsa-2005:584 | Red Hat Security Advisory: zlib security update | 2005-07-21T17:50:00+00:00 | 2025-11-21T17:29:21+00:00 |
| rhsa-2005:378 | Red Hat Security Advisory: cpio security update | 2005-07-21T18:12:00+00:00 | 2025-11-21T17:28:58+00:00 |
| rhsa-2005:639 | Red Hat Security Advisory: kdenetwork security update | 2005-07-22T01:26:00+00:00 | 2025-11-21T17:29:24+00:00 |
| rhsa-2005:587 | Red Hat Security Advisory: mozilla security update | 2005-07-22T10:41:00+00:00 | 2025-11-21T17:29:21+00:00 |
| rhsa-2005:582 | Red Hat Security Advisory: httpd security update | 2005-07-25T07:46:00+00:00 | 2025-11-21T17:29:19+00:00 |
| rhsa-2005:640 | Red Hat Security Advisory: fetchmail security update | 2005-07-25T07:50:00+00:00 | 2025-11-21T17:29:29+00:00 |
| rhsa-2005:603 | Red Hat Security Advisory: dhcpcd security update | 2005-07-27T15:11:00+00:00 | 2025-11-21T17:29:23+00:00 |
| rhsa-2005:612 | Red Hat Security Advisory: kdelibs security update | 2005-07-27T15:22:00+00:00 | 2025-11-21T17:29:24+00:00 |
| rhsa-2005:583 | Red Hat Security Advisory: dump security update | 2005-08-03T14:12:00+00:00 | 2025-11-21T17:29:21+00:00 |
| rhsa-2005:595 | Red Hat Security Advisory: squirrelmail security update | 2005-08-03T14:16:00+00:00 | 2025-11-21T17:29:23+00:00 |
| rhsa-2005:543 | Red Hat Security Advisory: ruby security update | 2005-08-05T13:31:00+00:00 | 2025-11-21T17:29:15+00:00 |
| rhsa-2005:706 | Red Hat Security Advisory: cups security update | 2005-08-09T15:54:00+00:00 | 2025-11-21T17:29:28+00:00 |
| rhsa-2005:598 | Red Hat Security Advisory: sysreport security update | 2005-08-09T16:02:00+00:00 | 2025-11-21T17:29:23+00:00 |
| rhsa-2005:720 | Red Hat Security Advisory: ucd-snmp security update | 2005-08-09T16:10:00+00:00 | 2025-11-21T17:29:29+00:00 |
| rhsa-2005:670 | Red Hat Security Advisory: xpdf security update | 2005-08-09T16:13:00+00:00 | 2025-11-21T17:29:26+00:00 |
| rhsa-2005:671 | Red Hat Security Advisory: kdegraphics security update | 2005-08-09T16:45:00+00:00 | 2025-11-21T17:29:26+00:00 |
| rhsa-2005:589 | Red Hat Security Advisory: gaim security update | 2005-08-10T03:48:00+00:00 | 2025-11-21T17:29:25+00:00 |
| rhsa-2005:687 | Red Hat Security Advisory: ethereal security update | 2005-08-10T17:28:00+00:00 | 2025-11-21T17:29:28+00:00 |
| rhsa-2005:708 | Red Hat Security Advisory: gpdf security update | 2005-08-10T17:38:00+00:00 | 2025-11-21T17:29:31+00:00 |
| rhsa-2005:750 | Red Hat Security Advisory: Adobe Acrobat Reader security update | 2005-08-16T20:01:00+00:00 | 2025-11-21T17:29:31+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2020-14331 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console calling an ioctl VT_RESIZE which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-14342 | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission such as via sudo rules could use this flaw to escalate their privileges. | 2020-09-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2020-14376 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-09-02T00:00:00.000Z | 2025-09-03T22:40:46.000Z |
| msrc_cve-2020-14378 | An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. | 2020-09-02T00:00:00.000Z | 2025-09-03T20:28:35.000Z |
| msrc_cve-2020-14385 | A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown or otherwise rendered inaccessible until it is remounted leading to a denial of service. The highest threat from this vulnerability is to system availability. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-14386 | A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-14390 | A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw privilege escalation cannot be fully ruled out. | 2020-09-02T00:00:00.000Z | 2020-09-30T00:00:00.000Z |
| msrc_cve-2020-24553 | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | 2020-09-02T00:00:00.000Z | 2024-09-11T00:00:00.000Z |
| msrc_cve-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure. | 2020-09-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | 2020-09-02T00:00:00.000Z | 2020-09-11T00:00:00.000Z |
| msrc_cve-2020-24978 | In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | 2020-09-02T00:00:00.000Z | 2025-09-03T23:25:22.000Z |
| msrc_cve-2020-25211 | In the Linux kernel through 5.8.7 local attackers able to inject conntrack netlink configuration could overflow a local buffer causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c aka CID-1cc5ef91d2ff. | 2020-09-02T00:00:00.000Z | 2020-09-17T00:00:00.000Z |
| msrc_cve-2020-25212 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c aka CID-b4487b935452. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | 2020-09-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2020-25284 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices which could be leveraged by local attackers to map or unmap rbd block devices aka CID-f44d04e696fe. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-25285 | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory cause a NULL pointer dereference or possibly have unspecified other impact aka CID-17743798d812. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-25576 | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. | 2020-09-02T00:00:00.000Z | 2024-09-11T00:00:00.000Z |
| msrc_cve-2020-25791 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with unit(). | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-25792 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with pair(). | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-25793 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation the array size is not checked when constructed with From<InlineArray<A T>>. | 2020-09-02T00:00:00.000Z | 2020-09-26T00:00:00.000Z |
| msrc_cve-2020-25794 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation clone can have a memory-safety issue upon a panic. | 2020-09-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2020-25795 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation insert_from can have a memory-safety issue upon a panic. | 2020-09-02T00:00:00.000Z | 2020-09-26T00:00:00.000Z |
| msrc_cve-2020-25796 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation an unaligned reference may be generated for a type that has a large alignment requirement. | 2020-09-02T00:00:00.000Z | 2020-09-26T00:00:00.000Z |
| msrc_cve-2020-26088 | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets bypassing security mechanisms aka CID-26896f01467a. | 2020-09-02T00:00:00.000Z | 2020-10-07T00:00:00.000Z |
| msrc_cve-2020-26116 | http.client in Python 3.x before 3.5.10 3.6.x before 3.6.12 3.7.x before 3.7.9 and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 2020-09-02T00:00:00.000Z | 2020-11-10T00:00:00.000Z |
| msrc_cve-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | 2020-09-02T00:00:00.000Z | 2020-12-21T00:00:00.000Z |
| msrc_cve-2020-26154 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled as demonstrated by a large PAC file that is delivered without a Content-length header. | 2020-09-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2020-26159 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Further investigation showed that it was not a security issue. Notes: none | 2020-09-02T00:00:00.000Z | 2025-10-01T23:11:05.000Z |
| msrc_cve-2020-26160 | jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. | 2020-09-02T00:00:00.000Z | 2024-09-11T00:00:00.000Z |
| msrc_cve-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. | 2020-10-02T00:00:00.000Z | 2020-10-14T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2011-000082 | WEB FORUM vulnerable to cross-site scripting | 2011-10-11T19:28+09:00 | 2011-10-25T13:46+09:00 |
| jvndb-2011-000083 | Plume vulnerable to cross-site scripting | 2011-10-13T18:38+09:00 | 2011-10-13T18:38+09:00 |
| jvndb-2011-000084 | Pligg vulnerable to cross-site scripting | 2011-10-13T18:56+09:00 | 2011-10-13T18:56+09:00 |
| jvndb-2011-000085 | DAEMON Tools vulnerable to denial-of-service | 2011-10-13T18:58+09:00 | 2011-10-13T18:58+09:00 |
| jvndb-2011-000086 | DBD::mysqlPP vulnerable to SQL injection | 2011-10-14T17:50+09:00 | 2011-10-14T17:50+09:00 |
| jvndb-2011-000087 | EC-CUBE vulnerable to SQL injection | 2011-10-14T17:53+09:00 | 2011-10-14T17:53+09:00 |
| jvndb-2011-000088 | Safari for iOS vulnerable to cross-site scripting | 2011-10-17T18:56+09:00 | 2012-08-07T12:11+09:00 |
| jvndb-2011-000091 | FFFTP may insecurely load executable files | 2011-10-28T17:39+09:00 | 2011-10-28T17:39+09:00 |
| jvndb-2011-000092 | Multiple D-Link products vulnerable to buffer overflow | 2011-10-28T17:42+09:00 | 2011-10-28T17:42+09:00 |
| jvndb-2011-000089 | Touhou Hisouten vulnerable to denial-of-service | 2011-10-28T17:49+09:00 | 2011-10-28T17:49+09:00 |
| jvndb-2011-000093 | Multiple SKYARC System Co., Ltd. products fail to restrict access permissions | 2011-10-31T17:54+09:00 | 2011-11-08T17:38+09:00 |
| jvndb-2011-000094 | Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery | 2011-10-31T18:03+09:00 | 2011-11-08T17:38+09:00 |
| jvndb-2011-000095 | CSWorks LiveData Service vulnerable to denial-of-service (DoS) | 2011-11-01T16:05+09:00 | 2011-11-02T14:42+09:00 |
| jvndb-2011-000096 | Opengear console servers vulnerable to authentication bypass | 2011-11-04T17:34+09:00 | 2011-11-04T17:34+09:00 |
| jvndb-2011-000097 | WebObjects vulnerable to cross-site scripting | 2011-11-04T17:36+09:00 | 2011-11-04T17:36+09:00 |
| jvndb-2011-000098 | Iwate Portal Bar vulnerable to arbitrary script execution | 2011-11-08T18:25+09:00 | 2011-11-08T18:25+09:00 |
| jvndb-2011-000099 | ChaSen vulnerable to buffer overflow | 2011-11-08T18:31+09:00 | 2011-12-20T18:13+09:00 |
| jvndb-2011-000075 | Nikki vulnerable to directory traversal | 2011-11-21T18:22+09:00 | 2011-11-21T18:22+09:00 |
| jvndb-2011-000076 | Nikki vulnerable to OS command injection | 2011-11-21T18:23+09:00 | 2011-11-21T18:23+09:00 |
| jvndb-2011-000100 | PowerChute Business Edition vulnerable to cross-site scripting | 2011-12-06T16:49+09:00 | 2011-12-06T16:49+09:00 |
| jvndb-2011-000101 | Etomite vulnerable to cross-site scripting | 2011-12-06T17:45+09:00 | 2011-12-06T17:45+09:00 |
| jvndb-2011-000103 | phpWebSite vulnerable to cross-site scripting | 2011-12-08T17:15+09:00 | 2011-12-08T17:15+09:00 |
| jvndb-2011-000104 | FFFTP may insecurely load executable files | 2011-12-09T17:08+09:00 | 2011-12-09T17:08+09:00 |
| jvndb-2011-000102 | Multiple vulnerabilities in products that use the Preboot Execution Environment (PXE) SDK | 2011-12-15T16:26+09:00 | 2011-12-20T18:14+09:00 |
| jvndb-2011-000105 | Safari for iOS vulnerable to denial-of-service | 2011-12-15T16:30+09:00 | 2011-12-15T16:30+09:00 |
| jvndb-2011-000106 | Apache Struts vulnerable to cross-site scripting | 2011-12-22T18:08+09:00 | 2011-12-22T18:08+09:00 |
| jvndb-2011-000107 | PukiWiki Plus! vulnerable to cross-site scripting | 2011-12-22T18:16+09:00 | 2011-12-22T18:16+09:00 |
| jvndb-2011-000110 | WordPress Japanese vulnerable to cross-site scripting | 2011-12-26T14:26+09:00 | 2011-12-26T14:26+09:00 |
| jvndb-2011-000109 | WordPress vulnerable to arbitrary PHP code execution | 2011-12-26T14:28+09:00 | 2011-12-26T14:28+09:00 |
| jvndb-2011-000108 | Movable Type Plugin MailForm vulnerable to cross-site scripting | 2011-12-26T14:49+09:00 | 2011-12-26T14:49+09:00 |