Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-xqqj-2hmg-wc6r | Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause … | 2022-05-17T02:30:43Z | 2025-10-22T00:31:19Z |
| ghsa-cvfv-748g-qpfc | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in … | 2022-05-17T02:35:09Z | 2025-10-22T00:31:21Z |
| ghsa-67j3-p5pq-jgr7 | Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x… | 2022-05-17T02:38:22Z | 2025-10-22T00:31:11Z |
| ghsa-6gc8-5v43-5g2x | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing … | 2022-05-17T02:40:58Z | 2025-10-22T00:31:23Z |
| ghsa-x6r5-p9fx-6346 | A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.… | 2022-05-17T02:50:37Z | 2025-10-22T00:31:19Z |
| ghsa-wm2p-97xq-7h48 | The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attacker… | 2022-05-17T02:50:58Z | 2025-11-04T00:30:29Z |
| ghsa-vwmm-77c8-pxrj | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause a… | 2022-05-17T02:51:55Z | 2025-10-22T00:31:19Z |
| ghsa-jvpx-9hv9-4qf6 | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbit… | 2022-05-17T02:56:50Z | 2025-11-04T18:30:33Z |
| ghsa-hjrc-qggq-2w49 | ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated use… | 2022-05-17T02:57:10Z | 2025-10-22T00:31:17Z |
| ghsa-8p63-f9jh-3gch | Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Win… | 2022-05-17T02:58:55Z | 2025-10-22T00:31:12Z |
| ghsa-rf44-cp45-ppcv | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on… | 2022-05-17T03:02:18Z | 2025-10-22T00:31:12Z |
| ghsa-3792-ff84-674w | Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in A… | 2022-05-17T03:03:30Z | 2025-11-17T21:31:17Z |
| ghsa-m362-frg6-j2v7 | Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to … | 2022-05-17T03:07:03Z | 2025-11-21T18:30:27Z |
| ghsa-xpgm-72rm-72p4 | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an inc… | 2022-05-17T03:07:37Z | 2025-10-22T03:30:33Z |
| ghsa-x629-5xff-w7qg | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote at… | 2022-05-17T03:11:58Z | 2025-10-22T03:30:42Z |
| ghsa-xg37-4cgv-wc3c | Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9,… | 2022-05-17T03:13:10Z | 2025-10-22T03:30:33Z |
| ghsa-fvjr-v348-9w2x | eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password f… | 2022-05-17T03:25:30Z | 2025-11-04T18:30:33Z |
| ghsa-43vr-5w6h-pr3g | Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6… | 2022-05-17T03:25:31Z | 2025-10-22T00:31:12Z |
| ghsa-fww7-75jj-wj62 | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leverag… | 2022-05-17T03:28:58Z | 2025-10-22T00:31:16Z |
| ghsa-mrfm-jxgf-2h6v | Elasticsearch Improper Access Control vulnerability | 2022-05-17T03:28:58Z | 2025-10-22T19:34:14Z |
| ghsa-rcg3-4524-mq7j | Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to ob… | 2022-05-17T03:29:55Z | 2025-10-22T00:31:09Z |
| ghsa-xh64-jjg2-744m | Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG d… | 2022-05-17T03:38:48Z | 2025-11-14T21:30:26Z |
| ghsa-pfgh-2mw6-962h | Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, AS… | 2022-05-17T03:39:31Z | 2025-10-22T00:31:16Z |
| ghsa-cxx8-9qq9-rm4x | Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FW… | 2022-05-17T03:39:32Z | 2025-10-22T00:31:16Z |
| ghsa-rp9v-r63v-9vfg | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote… | 2022-05-17T03:41:20Z | 2025-10-22T00:31:15Z |
| ghsa-f3qh-p6vf-frvj | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT com… | 2022-05-17T03:46:06Z | 2025-11-05T00:31:12Z |
| ghsa-jj96-ggr5-64rp | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT com… | 2022-05-17T03:46:06Z | 2025-11-05T00:31:12Z |
| ghsa-h772-f5rg-qrvv | Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinf… | 2022-05-17T03:46:07Z | 2025-12-04T21:31:01Z |
| ghsa-vm23-73fg-gcq2 | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP… | 2022-05-17T03:46:07Z | 2025-12-04T21:31:01Z |
| ghsa-gwwq-gpw7-qfjr | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component … | 2022-05-17T03:46:12Z | 2025-12-04T21:31:01Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2020-25223 | N/A | A remote code execution vulnerability exists in t… | n/a | n/a | 2020-09-25T00:00:00.000Z | 2025-10-21T23:35:36.271Z |
| cve-2020-8243 | N/A | A vulnerability in the Pulse Connect Secure < 9.1… | n/a | Pulse Connect Secure | 2020-09-29T13:44:31.000Z | 2025-10-21T23:35:36.130Z |
| cve-2020-25760 | N/A | Projectworlds Visitor Management System in PHP 1.… | n/a | n/a | 2020-09-29T19:00:10.000Z | 2025-11-11T16:57:59.747Z |
| cve-2020-25761 | N/A | Projectworlds Visitor Management System in PHP 1.… | n/a | n/a | 2020-09-29T19:06:00.000Z | 2025-11-11T16:54:20.353Z |
| cve-2020-26919 | | NETGEAR JGS516PE devices before 2.6.0.43 are affe… | n/a | n/a | 2020-10-09T06:29:14.000Z | 2025-10-21T23:35:35.982Z |
| cve-2020-5135 | N/A | A buffer overflow vulnerability in SonicOS allows… | SonicWall | SonicOS | 2020-10-12T10:40:28.000Z | 2025-10-21T23:35:35.728Z |
| cve-2020-9907 | N/A | A memory corruption issue was addressed by removi… | Apple | iOS | 2020-10-16T16:43:32.000Z | 2025-10-21T23:35:35.574Z |
| cve-2020-9934 | N/A | An issue existed in the handling of environment v… | Apple | iOS | 2020-10-16T16:51:05.000Z | 2025-10-21T23:35:35.426Z |
| cve-2020-3992 | N/A | OpenSLP as used in VMware ESXi (7.0 before ESXi_7… | n/a | VMware ESXi | 2020-10-20T16:11:13.000Z | 2025-10-21T23:35:35.278Z |
| cve-2020-14864 | | Vulnerability in the Oracle Business Intelligence… | Oracle Corporation | Business Intelligence Enterprise Edition | 2020-10-21T14:04:29.000Z | 2025-10-21T23:35:35.107Z |
| cve-2020-14871 | | Vulnerability in the Oracle Solaris product of Or… | Oracle Corporation | Solaris Operating System | 2020-10-21T14:04:29.000Z | 2025-10-21T23:35:34.957Z |
| cve-2020-14882 | | Vulnerability in the Oracle WebLogic Server produ… | Oracle Corporation | WebLogic Server | 2020-10-21T14:04:30.000Z | 2025-10-21T23:35:34.807Z |
| cve-2020-14883 | | Vulnerability in the Oracle WebLogic Server produ… | Oracle Corporation | WebLogic Server | 2020-10-21T14:04:30.000Z | 2025-10-21T23:35:34.637Z |
| cve-2020-3580 | | Cisco Adaptive Security Appliance Software and Firepow… | Cisco | Cisco Adaptive Security Appliance (ASA) Software | 2020-10-21T18:40:26.821Z | 2025-10-21T23:35:34.486Z |
| cve-2020-8260 | N/A | A vulnerability in the Pulse Connect Secure < 9.1… | n/a | Pulse Connect Secure / Pulse Policy Secure | 2020-10-28T12:47:13.000Z | 2025-10-21T23:35:34.332Z |
| cve-2018-19943 | | If exploited, this cross-site scripting vulnerabi… | QNAP Systems Inc. | QTS | 2020-10-28T17:55:18.000Z | 2025-10-21T23:35:34.195Z |
| cve-2018-19949 | N/A | If exploited, this command injection vulnerabilit… | QNAP Systems Inc. | QTS | 2020-10-28T17:55:18.000Z | 2025-10-21T23:35:34.057Z |
| cve-2018-19953 | N/A | If exploited, this cross-site scripting vulnerabi… | QNAP Systems Inc. | QTS | 2020-10-28T17:55:18.000Z | 2025-10-21T23:35:33.900Z |
| cve-2020-14750 | | Vulnerability in the Oracle WebLogic Server produ… | Oracle Corporation | WebLogic Server | 2020-11-01T23:50:13.000Z | 2025-10-21T23:35:33.742Z |
| cve-2020-15999 | N/A | Heap buffer overflow in Freetype in Google Chrome… | Google | Chrome | 2020-11-03T00:00:00.000Z | 2025-10-21T23:35:33.599Z |
| cve-2020-16009 | N/A | Inappropriate implementation in V8 in Google Chro… | Google | Chrome | 2020-11-03T02:21:47.000Z | 2025-10-21T23:35:33.440Z |
| cve-2020-16010 | N/A | Heap buffer overflow in UI in Google Chrome on An… | Google | Chrome | 2020-11-03T02:21:48.000Z | 2025-10-21T23:35:33.265Z |
| cve-2020-28196 | N/A | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.… | n/a | n/a | 2020-11-06T07:07:38.000Z | 2025-12-03T18:15:34.180Z |
| cve-2020-16846 | N/A | An issue was discovered in SaltStack Salt through… | n/a | n/a | 2020-11-06T07:27:24.000Z | 2025-10-21T23:35:33.124Z |
| cve-2020-13927 | N/A | The previous default setting for Airflow's Experi… | n/a | Apache Airflow | 2020-11-10T00:00:00.000Z | 2025-10-21T23:35:32.975Z |
| cve-2020-17087 | 7.8 (v3.1) | Windows Kernel Local Elevation of Privilege Vulnerability | Microsoft | Windows 10 Version 1803 | 2020-11-11T06:48:33.000Z | 2025-10-21T23:35:32.826Z |
| cve-2020-12355 | N/A | Authentication bypass by capture-replay in RPMB p… | n/a | Intel(R) TXE | 2020-11-12T18:08:15.000Z | 2025-11-04T19:12:06.172Z |
| cve-2020-28949 | N/A | Archive_Tar through 1.4.10 has :// filename sanit… | n/a | n/a | 2020-11-19T18:14:18.000Z | 2025-10-21T23:35:32.687Z |
| cve-2020-13671 | N/A | Drupal core does not properly sanitize certain fi… | Drupal | Drupal Core | 2020-11-20T15:40:39.000Z | 2025-10-21T23:35:32.528Z |
| cve-2020-4006 | N/A | VMware Workspace One Access, Access Connector, Id… | n/a | VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager | 2020-11-23T21:22:40.000Z | 2025-10-21T23:35:32.373Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2019-3863 | | A flaw was found in libssh2 before 1.8.1 creating… | The libssh2 Project | libssh2 | 2019-03-25T17:52:10.000Z | 2025-12-19T03:02:32.466Z |
| cve-2019-3396 | N/A | The Widget Connector macro in Atlassian Confluenc… | Atlassian | Confluence Server | 2019-03-25T18:37:06.256Z | 2025-10-21T23:45:41.385Z |
| cve-2019-7609 | N/A | Kibana versions before 5.6.15 and 6.6.1 contain a… | Elastic | Kibana | 2019-03-25T00:00:00.000Z | 2025-10-21T23:45:41.577Z |
| cve-2014-5401 | 10 (v2.0) | Hospira MedNet Code Injection | Hospira | MedNet | 2019-03-26T16:21:54 | 2025-11-03T18:20:04.649Z |
| cve-2019-9053 | N/A | An issue was discovered in CMS Made Simple 2.2.8.… | n/a | n/a | 2019-03-26T16:15:38.000Z | 2025-11-17T19:19:52.125Z |
| cve-2019-10068 | N/A | An issue was discovered in Kentico 12.0.x before … | n/a | n/a | 2019-03-26T17:43:23.000Z | 2025-10-21T23:45:41.184Z |
| cve-2019-5418 | N/A | There is a File Content Disclosure vulnerability … | Rails | https://github.com/rails/rails | 2019-03-27T13:38:58.000Z | 2025-10-21T23:45:41.038Z |
| cve-2019-10648 | N/A | Robocode through 1.9.3.5 allows remote attackers … | n/a | n/a | 2019-03-30T12:53:57 | 2024-08-04T22:31:59.962Z |
| cve-2018-4344 | N/A | A memory corruption issue was addressed with impr… | n/a | iOS, macOS, tvOS, watchOS | 2019-04-03T17:43:15.000Z | 2025-10-21T23:45:40.920Z |
| cve-2019-11001 | N/A | On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, an… | n/a | n/a | 2019-04-08T17:00:21.000Z | 2025-10-21T23:45:40.747Z |
| cve-2019-0211 | N/A | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.… | Apache | Apache HTTP Server | 2019-04-08T21:31:09.000Z | 2025-10-21T23:45:40.583Z |
| cve-2019-0703 | N/A | An information disclosure vulnerability exists in… | Microsoft | Windows | 2019-04-08T23:41:43.000Z | 2025-10-21T23:45:40.413Z |
| cve-2019-0797 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows Server | 2019-04-09T02:34:55.000Z | 2025-10-21T23:45:40.120Z |
| cve-2019-0808 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows | 2019-04-09T02:31:32.000Z | 2025-10-21T23:45:40.287Z |
| cve-2019-0752 | N/A | A remote code execution vulnerability exists in t… | Microsoft | Internet Explorer 11 | 2019-04-09T20:15:16.000Z | 2025-10-21T23:45:39.942Z |
| cve-2019-0803 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows | 2019-04-09T20:15:28.000Z | 2025-10-21T23:45:39.783Z |
| cve-2019-0841 | N/A | An elevation of privilege vulnerability exists wh… | Microsoft | Windows | 2019-04-09T20:18:32.000Z | 2025-10-21T23:45:39.637Z |
| cve-2019-0859 | N/A | An elevation of privilege vulnerability exists in… | Microsoft | Windows | 2019-04-09T20:19:48.000Z | 2025-10-21T23:45:39.450Z |
| cve-2018-19453 | N/A | Kentico CMS before 11.0.45 allows unrestricted up… | n/a | n/a | 2019-04-10T20:49:51 | 2024-08-05T11:37:11.415Z |
| cve-2019-3398 | N/A | Confluence Server and Data Center had a path trav… | Atlassian | Confluence | 2019-04-18T17:21:37.687Z | 2025-10-21T23:45:39.283Z |
| cve-2019-11359 | N/A | Cross-site scripting (XSS) vulnerability in displ… | n/a | n/a | 2019-04-19T23:59:25 | 2024-08-04T22:48:09.106Z |
| cve-2019-11428 | N/A | I, Librarian 4.10 has XSS via the export.php expo… | n/a | n/a | 2019-04-21T22:06:45 | 2024-08-04T22:55:39.979Z |
| cve-2019-11449 | N/A | I, Librarian 4.10 has XSS via the notes.php notes… | n/a | n/a | 2019-04-22T13:51:18 | 2024-08-04T22:55:40.239Z |
| cve-2019-2616 | N/A | Vulnerability in the BI Publisher (formerly XML P… | Oracle Corporation | BI Publisher (formerly XML Publisher) | 2019-04-23T18:16:41.000Z | 2025-10-21T23:45:39.141Z |
| cve-2019-11539 | | In Pulse Secure Pulse Connect Secure version 9.0R… | n/a | n/a | 2019-04-26T01:39:36.000Z | 2025-10-21T23:45:38.985Z |
| cve-2019-9788 | N/A | Mozilla developers and community members reported… | Mozilla | Thunderbird | 2019-04-26T16:13:22 | 2024-08-04T22:01:54.675Z |
| cve-2019-9790 | N/A | A use-after-free vulnerability can occur when a r… | Mozilla | Thunderbird | 2019-04-26T16:13:22 | 2024-08-04T22:01:54.687Z |
| cve-2019-9791 | N/A | The type inference system allows the compilation … | Mozilla | Thunderbird | 2019-04-26T16:13:22 | 2024-08-04T22:01:54.733Z |
| cve-2019-9792 | N/A | The IonMonkey just-in-time (JIT) compiler can lea… | Mozilla | Thunderbird | 2019-04-26T16:13:22 | 2024-08-04T22:01:54.735Z |
| cve-2019-9794 | N/A | A vulnerability was discovered where specific com… | Mozilla | Thunderbird | 2019-04-26T16:13:22 | 2024-08-04T22:01:54.921Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-0000-kam193-42f5245aa3b149ad | Pentesting or research code in orion-algo-extrapol (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-437fc060336b54c2 | Pentesting or research code in googleapis-googleapis-grpc-python (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-43f698a82478f2ac | Pentesting or research code in manojmacpy (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-449654d42e6a1f72 | Pentesting or research code in wasi8787878 (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-45f6b806f9dbb3b3 | Pentesting or research code in cugraph-service-client (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4670119a917f9bce | Pentesting or research code in python-drgn-commons-kafka (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-48a77041985c637b | Pentesting or research code in c8tsdk (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4952c202b499114b | Pentesting or research code in c8tsdk (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4a944a63a10d8227 | Pentesting or research code in vsc-accountpage-clients (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4b2e94e5fff47d48 | Pentesting or research code in nifty-cli (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4c1f4407cfafbdc3 | Pentesting or research code in 0x000testqwe (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4cf1aa7242b79df0 | Pentesting or research code in multiutils (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4d79c8c8b3a7abeb | Pentesting or research code in 0x000testqwe (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4dc0b3ee3f40f75c | Pentesting or research code in s4transfer (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4e260abb013bb582 | Pentesting or research code in sklearns (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4f5e49ec135224db | Pentesting or research code in rtpoc1 (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-4f9b477575c93b3a | Pentesting or research code in test-test-asd-1 (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-536294c64017c165 | Pentesting or research code in route-search (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-53cae38df3fb11b7 | Pentesting or research code in saml-helper (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-551ca9f26ea50e61 | Pentesting or research code in myhexsender (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-55b40b067506b72f | Pentesting or research code in python-drgn-commons-metrics (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-55ea5b13a1064ea6 | Pentesting or research code in c8tks94kspjyhtb (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-5669bbd08960eb40 | Pentesting or research code in graphemer (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-56e2adbf4dfb0160 | Pentesting or research code in some-random-package-33 (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-56ebf0633819f860 | Pentesting or research code in chain00x (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-57a187231b24ff90 | Pentesting or research code in debug-toolbar (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-57be730f23b80bbe | Pentesting or research code in packagemurder (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-58ee02dc44daba45 | Pentesting or research code in atlasctf-21-prod-22 (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-59da172b8a3b8f27 | Pentesting or research code in mkdocs-with-pdfs (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| mal-0000-kam193-5a4148b7b80571ae | Pentesting or research code in appsec-script-py (PyPI) | 2024-07-26T16:53:30Z | 2024-07-26T16:53:30Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2006:0272 | Red Hat Security Advisory: openmotif security update | 2006-04-04T09:04:00+00:00 | 2025-11-21T17:30:07+00:00 |
| rhsa-2006:0328 | Red Hat Security Advisory: firefox security update | 2006-04-14T15:54:00+00:00 | 2025-11-21T17:30:09+00:00 |
| rhsa-2006:0329 | Red Hat Security Advisory: mozilla security update | 2006-04-18T11:12:00+00:00 | 2025-11-21T17:30:10+00:00 |
| rhsa-2006:0330 | Red Hat Security Advisory: thunderbird security update | 2006-04-21T15:41:00+00:00 | 2025-11-21T17:30:10+00:00 |
| rhsa-2006:0276 | Red Hat Security Advisory: php security update | 2006-04-25T14:33:00+00:00 | 2025-11-21T17:30:09+00:00 |
| rhsa-2006:0267 | Red Hat Security Advisory: ipsec-tools security update | 2006-04-25T14:45:00+00:00 | 2025-11-21T17:30:06+00:00 |
| rhsa-2006:0281 | Red Hat Security Advisory: struts security update for Red Hat Application Server | 2006-05-03T15:48:00+00:00 | 2025-11-21T17:30:09+00:00 |
| rhsa-2006:0280 | Red Hat Security Advisory: dia security update | 2006-05-03T16:01:00+00:00 | 2025-11-21T17:30:09+00:00 |
| rhsa-2006:0283 | Red Hat Security Advisory: squirrelmail security update | 2006-05-03T16:09:00+00:00 | 2025-11-21T17:30:09+00:00 |
| rhsa-2006:0420 | Red Hat Security Advisory: ethereal security update | 2006-05-03T16:19:00+00:00 | 2025-11-21T17:30:12+00:00 |
| rhsa-2006:0451 | Red Hat Security Advisory: xorg-x11 security update | 2006-05-04T11:49:00+00:00 | 2025-11-21T17:30:14+00:00 |
| rhsa-2006:0427 | Red Hat Security Advisory: ruby security update | 2006-05-09T11:32:00+00:00 | 2025-11-21T17:30:12+00:00 |
| rhsa-2006:0425 | Red Hat Security Advisory: libtiff security update | 2006-05-09T11:39:00+00:00 | 2025-11-21T17:30:12+00:00 |
| rhsa-2006:0270 | Red Hat Security Advisory: Red Hat Directory Server 7.1 security update | 2006-05-17T17:05:00+00:00 | 2025-11-21T17:30:06+00:00 |
| rhsa-2006:0526 | Red Hat Security Advisory: postgresql security update | 2006-05-23T19:31:00+00:00 | 2025-11-21T17:30:17+00:00 |
| rhsa-2006:0501 | Red Hat Security Advisory: php security update | 2006-05-23T20:09:00+00:00 | 2025-11-21T17:30:15+00:00 |
| rhsa-2006:0498 | Red Hat Security Advisory: xscreensaver security update | 2006-05-23T20:38:00+00:00 | 2025-11-21T17:30:14+00:00 |
| rhsa-2006:0493 | Red Hat Security Advisory: kernel security update | 2006-05-24T09:31:00+00:00 | 2025-11-21T17:30:14+00:00 |
| rhsa-2006:0541 | Red Hat Security Advisory: dia security update | 2006-06-01T17:19:00+00:00 | 2025-11-21T17:30:18+00:00 |
| rhsa-2006:0533 | Red Hat Security Advisory: zebra security update | 2006-06-01T17:39:00+00:00 | 2025-11-21T17:30:17+00:00 |
| rhsa-2006:0525 | Red Hat Security Advisory: quagga security update | 2006-06-01T17:46:00+00:00 | 2025-11-21T17:30:17+00:00 |
| rhsa-2006:0543 | Red Hat Security Advisory: spamassassin security update | 2006-06-06T17:08:00+00:00 | 2025-11-21T17:30:18+00:00 |
| rhsa-2006:0486 | Red Hat Security Advisory: mailman security update | 2006-06-09T14:27:00+00:00 | 2025-11-21T17:30:14+00:00 |
| rhsa-2006:0544 | Red Hat Security Advisory: mysql security update | 2006-06-09T15:00:00+00:00 | 2025-11-21T17:30:18+00:00 |
| rhsa-2006:0515 | Red Hat Security Advisory: sendmail security update | 2006-06-14T18:21:00+00:00 | 2025-11-21T17:30:16+00:00 |
| rhsa-2006:0548 | Red Hat Security Advisory: kdebase security update | 2006-06-14T19:04:00+00:00 | 2025-11-21T17:30:20+00:00 |
| rhsa-2006:0573 | Red Hat Security Advisory: openoffice.org security update | 2006-07-03T16:10:00+00:00 | 2025-11-21T17:30:21+00:00 |
| rhsa-2006:0547 | Red Hat Security Advisory: squirrelmail security update | 2006-07-03T16:15:00+00:00 | 2025-11-21T17:30:21+00:00 |
| rhsa-2006:0574 | Red Hat Security Advisory: kernel security update | 2006-07-07T13:47:00+00:00 | 2025-11-21T17:30:23+00:00 |
| rhsa-2006:0568 | Red Hat Security Advisory: php security update | 2006-07-12T18:06:00+00:00 | 2025-11-21T17:30:20+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2020-29534 | An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request causing execve() to incorrectly optimize unshare_fd() aka CID-0f2122045b94. | 2020-12-02T00:00:00.000Z | 2020-12-08T00:00:00.000Z |
| msrc_cve-2020-29569 | An issue was discovered in the Linux kernel through 5.10.1 as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. | 2020-12-02T00:00:00.000Z | 2020-12-19T00:00:00.000Z |
| msrc_cve-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | 2020-12-02T00:00:00.000Z | 2020-12-21T00:00:00.000Z |
| msrc_cve-2020-29660 | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID aka CID-c8bcd9c5be24. | 2020-12-02T00:00:00.000Z | 2020-12-11T00:00:00.000Z |
| msrc_cve-2020-29661 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP aka CID-54ffccbf053b. | 2020-12-02T00:00:00.000Z | 2020-12-11T00:00:00.000Z |
| msrc_cve-2020-35457 | GNOME GLib before 2.65.3 has an integer overflow that might lead to an out-of-bounds write in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented | 2020-12-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2020-8169 | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | 2020-12-02T00:00:00.000Z | 2020-12-15T00:00:00.000Z |
| msrc_cve-2020-8177 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. | 2020-12-02T00:00:00.000Z | 2020-12-15T00:00:00.000Z |
| msrc_cve-2020-8231 | Due to use of a dangling pointer libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | 2020-12-02T00:00:00.000Z | 2020-12-17T00:00:00.000Z |
| msrc_cve-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions. | 2020-12-02T00:00:00.000Z | 2020-12-16T00:00:00.000Z |
| msrc_cve-2020-8285 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | 2020-12-02T00:00:00.000Z | 2020-12-15T00:00:00.000Z |
| msrc_cve-2020-8286 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | 2020-12-02T00:00:00.000Z | 2020-12-15T00:00:00.000Z |
| msrc_cve-2020-8563 | Secret leaks in logs for vSphere Provider kube-controller-manager | 2020-12-02T00:00:00.000Z | 2020-12-09T00:00:00.000Z |
| msrc_cve-2020-8565 | Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 | 2020-12-02T00:00:00.000Z | 2025-03-27T00:00:00.000Z |
| msrc_cve-2020-8908 | Temp directory permission issue in Guava | 2020-12-02T00:00:00.000Z | 2023-04-07T00:00:00.000Z |
| msrc_cve-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32 when processing invalid multi-byte input sequences in the EUC-KR encoding may have a buffer over-read. | 2021-01-02T00:00:00.000Z | 2021-01-07T00:00:00.000Z |
| msrc_cve-2020-17380 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially execute arbitrary code with privileges of the QEMU process on the host. | 2021-01-02T00:00:00.000Z | 2021-02-06T00:00:00.000Z |
| msrc_cve-2020-24025 | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | 2021-01-02T00:00:00.000Z | 2023-07-31T00:00:00.000Z |
| msrc_cve-2020-25657 | A flaw was found in all released versions of m2crypto where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. | 2021-01-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2020-25659 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API via timed processing of valid PKCS#1 v1.5 ciphertext. | 2021-01-02T00:00:00.000Z | 2021-01-20T00:00:00.000Z |
| msrc_cve-2020-25681 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network who can forge DNS replies such as that they are accepted as valid could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-01-02T00:00:00.000Z | 2021-01-29T00:00:00.000Z |
| msrc_cve-2020-25682 | A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-01-02T00:00:00.000Z | 2021-01-29T00:00:00.000Z |
| msrc_cve-2020-25683 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker who can create valid DNS replies could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq resulting in a denial of service. The highest threat from this vulnerability is to system availability. | 2021-01-02T00:00:00.000Z | 2021-01-27T00:00:00.000Z |
| msrc_cve-2020-25684 | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However it does not use the address/port to retrieve the exact forwarded query substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452 which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | 2021-01-02T00:00:00.000Z | 2021-01-29T00:00:00.000Z |
| msrc_cve-2020-25685 | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is), this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | 2021-01-02T00:00:00.000Z | 2021-01-29T00:00:00.000Z |
| msrc_cve-2020-25686 | A flaw was found in dnsmasq before version 2.83. When receiving a query dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default a maximum of 150 pending queries can be sent to upstream servers so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | 2021-01-02T00:00:00.000Z | 2021-01-27T00:00:00.000Z |
| msrc_cve-2020-25687 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker who can create valid DNS replies to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq resulting in a denial of service. The highest threat from this vulnerability is to system availability. | 2021-01-02T00:00:00.000Z | 2021-01-27T00:00:00.000Z |
| msrc_cve-2020-27814 | A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. | 2021-01-02T00:00:00.000Z | 2024-07-23T00:00:00.000Z |
| msrc_cve-2020-27841 | There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. | 2021-01-02T00:00:00.000Z | 2024-07-23T00:00:00.000Z |
| msrc_cve-2020-27842 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | 2021-01-02T00:00:00.000Z | 2024-07-23T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2012-000111 | Boat Browser / Boat Browser Mini vulnerable in the WebView class | 2012-12-20T15:00+09:00 | 2012-12-20T15:00+09:00 |
| jvndb-2012-000112 | Opera Mini / Opera Mobile for Android vulnerable in the WebView class | 2012-12-20T15:04+09:00 | 2012-12-28T16:13+09:00 |
| jvndb-2012-000114 | Loctouch for Android vulnerable in handling of implicit intents | 2012-12-21T12:29+09:00 | 2012-12-21T12:29+09:00 |
| jvndb-2012-000115 | Loctouch for Android information management vulnerability | 2012-12-21T12:37+09:00 | 2012-12-21T12:37+09:00 |
| jvndb-2012-000113 | concrete5 vulnerable to cross-site scripting | 2012-12-21T12:41+09:00 | 2013-02-20T16:10+09:00 |
| jvndb-2012-005827 | Cross-site Scripting Vulnerability in Collaboration - Bulletin board in Multiple Hitachi Products | 2012-12-28T16:43+09:00 | 2012-12-28T16:43+09:00 |
| jvndb-2013-000001 | Documents Pro (formerly Files HD) vulnerable to cross-site scripting | 2013-01-18T13:36+09:00 | 2013-01-18T13:36+09:00 |
| jvndb-2013-000002 | Documents Pro (formerly Files HD) vulnerable to directory traversal | 2013-01-18T13:39+09:00 | 2013-01-18T13:39+09:00 |
| jvndb-2013-000003 | myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting | 2013-01-22T15:22+09:00 | 2013-01-22T15:22+09:00 |
| jvndb-2013-000004 | WebSphere Application Server (WAS) vulnerable to cross-site scripting | 2013-01-25T12:32+09:00 | 2013-01-25T12:32+09:00 |
| jvndb-2013-000005 | Weathernews Touch for Android stores location information in the system log file | 2013-01-31T13:38+09:00 | 2013-01-31T13:38+09:00 |
| jvndb-2013-000006 | mora Downloader may insecurely load executable files | 2013-02-07T14:00+09:00 | 2013-02-07T14:00+09:00 |
| jvndb-2013-000008 | Cybozu Garoon vulnerable to cross-site scripting | 2013-02-08T13:53+09:00 | 2013-02-08T13:53+09:00 |
| jvndb-2013-000007 | Cybozu Garoon vulnerable to SQL injection | 2013-02-08T13:58+09:00 | 2013-02-08T13:58+09:00 |
| jvndb-2013-001321 | User Authentication Vulnerability in Operational Management Function of Cosminexus | 2013-02-12T14:24+09:00 | 2013-02-12T14:24+09:00 |
| jvndb-2013-001470 | Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability | 2013-02-13T16:47+09:00 | 2013-02-13T16:47+09:00 |
| jvndb-2013-000009 | imgboard vulnerable to cross-site scripting | 2013-02-14T14:10+09:00 | 2013-02-14T14:10+09:00 |
| jvndb-2013-000010 | GREE for Android vulnerable to directory traversal | 2013-02-14T14:15+09:00 | 2013-02-14T14:15+09:00 |
| jvndb-2013-000011 | 3DM (3ware Disk Manager) vulnerable to directory traversal | 2013-02-15T14:29+09:00 | 2013-02-15T14:29+09:00 |
| jvndb-2013-000012 | NEC Universal RAID Utility fails to restrict access permissions | 2013-02-21T13:54+09:00 | 2013-03-01T11:34+09:00 |
| jvndb-2013-001605 | Multiple vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management | 2013-02-22T20:09+09:00 | 2013-02-22T20:09+09:00 |
| jvndb-2013-000015 | Multiple JustSystems products vulnerable to arbitrary code execution | 2013-02-26T14:45+09:00 | 2013-02-26T14:45+09:00 |
| jvndb-2013-000013 | dopvCOMET* vulnerable to cross-site scripting | 2013-02-28T13:37+09:00 | 2013-02-28T13:37+09:00 |
| jvndb-2013-000014 | dopvSTAR* vulnerable to cross-site scripting | 2013-02-28T13:46+09:00 | 2013-02-28T13:46+09:00 |
| jvndb-2013-000016 | Kingsoft Writer vulnerable to buffer overflow | 2013-03-01T14:47+09:00 | 2013-03-01T14:47+09:00 |
| jvndb-2013-000017 | Multiple Cisco products vulnerable to denial-of-service (DoS) | 2013-03-07T14:13+09:00 | 2013-03-11T16:22+09:00 |
| jvndb-2013-000020 | VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability | 2013-03-18T14:30+09:00 | 2013-06-25T18:01+09:00 |
| jvndb-2013-000019 | VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability | 2013-03-18T14:32+09:00 | 2013-06-25T17:57+09:00 |
| jvndb-2013-000018 | VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability | 2013-03-18T14:33+09:00 | 2013-06-25T17:54+09:00 |
| jvndb-2013-000021 | VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability | 2013-03-18T14:38+09:00 | 2013-06-25T18:06+09:00 |