Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-v37p-j5qh-w8c9 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | 2022-03-30T00:00:31Z | 2025-11-04T00:30:31Z |
| ghsa-36p3-wjmg-h94x | Remote Code Execution in Spring Framework | 2022-03-31T18:30:50Z | 2025-10-22T19:18:34Z |
| ghsa-6v73-fgf6-w5j7 | Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression | 2022-04-03T00:00:59Z | 2025-10-22T19:18:02Z |
| ghsa-8hfj-j24r-96c4 | Path Traversal: 'dir/../../filename' in moment.locale | 2022-04-04T21:25:48Z | 2025-11-04T16:35:41Z |
| ghsa-q7xc-35g4-g566 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due … | 2022-04-12T00:00:29Z | 2025-10-22T00:32:31Z |
| ghsa-8r7c-vjv4-wp6x | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalatio… | 2022-04-14T00:00:16Z | 2025-10-22T00:32:31Z |
| ghsa-wvcr-2gc8-63gg | In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into comm… | 2022-04-14T00:00:18Z | 2025-11-04T00:30:32Z |
| ghsa-cf7g-gj99-69w3 | Windows User Profile Service Elevation of Privilege Vulnerability. | 2022-04-16T00:00:29Z | 2025-10-22T00:32:31Z |
| ghsa-59qr-cc8f-v837 | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique f… | 2022-04-16T00:00:38Z | 2025-10-22T00:32:31Z |
| ghsa-f28x-5fx8-2j2h | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an atta… | 2022-04-17T00:00:32Z | 2025-12-19T21:30:14Z |
| ghsa-rh37-88v6-qm47 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | 2022-04-19T00:00:49Z | 2025-11-04T00:30:31Z |
| ghsa-xq25-8g7f-6hc5 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that coul… | 2022-04-19T00:00:49Z | 2025-11-04T00:30:31Z |
| ghsa-qc73-mcqm-3m29 | A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally… | 2022-04-19T00:00:50Z | 2025-11-03T21:30:38Z |
| ghsa-rcjw-9639-853h | A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. | 2022-04-19T00:00:50Z | 2025-11-04T00:30:31Z |
| ghsa-7wjg-mhwg-m2rc | A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that coul… | 2022-04-19T00:00:51Z | 2025-11-04T00:30:31Z |
| ghsa-93j9-4rqq-x6gr | Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that co… | 2022-04-19T00:00:52Z | 2025-11-04T00:30:31Z |
| ghsa-q392-qg7v-xvc4 | Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticated user to achieve remote cod… | 2022-04-19T00:00:57Z | 2025-10-22T00:32:32Z |
| ghsa-7f3x-fvqf-q6q5 | Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). … | 2022-04-20T00:00:26Z | 2025-10-22T00:32:31Z |
| ghsa-mfgw-52pj-hrhg | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This aff… | 2022-04-20T00:00:34Z | 2025-10-22T00:32:32Z |
| ghsa-c5j2-ggvf-gwvg | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP… | 2022-04-21T01:57:42Z | 2025-10-22T00:31:41Z |
| ghsa-763p-5rx7-r4qf | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrar… | 2022-04-22T00:00:38Z | 2025-10-22T00:32:32Z |
| ghsa-chc6-9436-6wfq | A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component o… | 2022-04-22T00:00:38Z | 2025-10-22T00:32:32Z |
| ghsa-j5r7-6rm3-99mm | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP arch… | 2022-04-22T00:00:38Z | 2025-10-22T00:32:32Z |
| ghsa-f4rg-w9qm-5f42 | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execut… | 2022-04-27T00:00:21Z | 2025-10-22T00:32:32Z |
| ghsa-vxc9-8m8h-9cp6 | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation… | 2022-04-27T00:00:21Z | 2025-10-22T00:32:32Z |
| ghsa-8m5h-hrqm-pxm2 | Path traversal in the OWASP Enterprise Security API | 2022-04-27T21:09:43Z | 2025-11-03T22:28:22Z |
| ghsa-q77q-vx4q-xx6q | Cross-site Scripting in org.owasp.esapi:esapi | 2022-04-27T21:09:46Z | 2025-11-03T22:28:35Z |
| ghsa-867p-9w54-69hp | The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrar… | 2022-04-29T02:57:20Z | 2025-10-22T03:30:26Z |
| ghsa-7757-mj68-c29v | Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (v… | 2022-04-29T02:59:39Z | 2025-10-22T03:30:26Z |
| ghsa-6w47-3vvr-m9hm | Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windo… | 2022-04-30T00:02:23Z | 2025-10-22T00:31:21Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2015-2546 | N/A | The kernel-mode driver in Microsoft Windows Vista… | n/a | n/a | 2015-09-09T00:00:00.000Z | 2025-10-21T23:55:57.696Z |
| cve-2015-7645 | N/A | Adobe Flash Player 18.x through 18.0.0.252 and 19… | n/a | n/a | 2015-10-15T10:00:00.000Z | 2025-10-21T23:55:57.550Z |
| cve-2015-4902 | N/A | Unspecified vulnerability in Oracle Java SE 6u101… | n/a | n/a | 2015-10-21T23:00:00.000Z | 2025-10-21T23:55:57.316Z |
| cve-2015-4852 | N/A | The WLS Security component in Oracle WebLogic Ser… | n/a | n/a | 2015-11-18T15:00:00.000Z | 2025-10-21T23:55:57.062Z |
| cve-2015-5317 | N/A | The Fingerprints pages in Jenkins before 1.638 an… | n/a | n/a | 2015-11-25T20:00:00.000Z | 2025-10-21T23:55:56.897Z |
| cve-2015-6175 | N/A | The kernel in Microsoft Windows 10 Gold allows lo… | n/a | n/a | 2015-12-09T11:00:00.000Z | 2025-10-21T23:55:56.760Z |
| cve-2015-7755 | N/A | Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0… | n/a | n/a | 2015-12-19T11:00:00.000Z | 2025-10-21T23:55:56.610Z |
| cve-2015-7928 | N/A | eWON devices with firmware before 10.1s0 do not h… | n/a | n/a | 2015-12-23T11:00:00.000Z | 2025-11-04T16:09:06.301Z |
| cve-2015-8651 | N/A | Integer overflow in Adobe Flash Player before 18.… | n/a | n/a | 2015-12-28T23:00:00.000Z | 2025-10-21T23:55:56.425Z |
| cve-2015-7450 | N/A | Serialized-object interfaces in certain IBM analy… | n/a | n/a | 2016-01-02T21:00:00.000Z | 2025-10-21T23:55:56.246Z |
| cve-2016-0034 | N/A | Microsoft Silverlight 5 before 5.1.41212.0 mishan… | n/a | n/a | 2016-01-13T02:00:00.000Z | 2025-10-21T23:55:56.096Z |
| cve-2016-0040 | N/A | The kernel in Microsoft Windows Vista SP2, Window… | n/a | n/a | 2016-02-10T11:00:00.000Z | 2025-10-21T23:55:55.948Z |
| cve-2016-0984 | N/A | Use-after-free vulnerability in Adobe Flash Playe… | n/a | n/a | 2016-02-10T20:00:00.000Z | 2025-10-21T23:55:55.589Z |
| cve-2016-0752 | N/A | Directory traversal vulnerability in Action View … | n/a | n/a | 2016-02-16T02:00:00.000Z | 2025-10-21T23:55:55.440Z |
| cve-2016-2386 | N/A | SQL injection vulnerability in the UDDI server in… | n/a | n/a | 2016-02-16T15:00:00.000Z | 2025-10-21T23:55:55.277Z |
| cve-2016-2388 | N/A | The Universal Worklist Configuration in SAP NetWe… | n/a | n/a | 2016-02-16T15:00:00.000Z | 2025-10-21T23:55:55.132Z |
| cve-2016-0099 | N/A | The Secondary Logon Service in Microsoft Windows … | n/a | n/a | 2016-03-09T11:00:00.000Z | 2025-10-21T23:55:54.947Z |
| cve-2016-1010 | N/A | Integer overflow in Adobe Flash Player before 18.… | n/a | n/a | 2016-03-12T15:00:00.000Z | 2025-10-21T23:55:54.744Z |
| cve-2016-1762 | N/A | The xmlNextChar function in libxml2 before 2.9.4 … | n/a | n/a | 2016-03-24T01:00:00.000Z | 2025-12-17T22:04:31.761Z |
| cve-2016-1646 | N/A | The Array.prototype.concat implementation in buil… | n/a | n/a | 2016-03-29T10:00:00.000Z | 2025-10-21T23:55:54.355Z |
| cve-2016-1019 | N/A | Adobe Flash Player 21.0.0.197 and earlier allows … | n/a | n/a | 2016-04-07T10:00:00.000Z | 2025-11-17T19:47:42.867Z |
| cve-2016-3976 | N/A | Directory traversal vulnerability in SAP NetWeave… | n/a | n/a | 2016-04-07T23:00:00.000Z | 2025-10-21T23:55:54.035Z |
| cve-2016-0151 | N/A | The Client-Server Run-time Subsystem (CSRSS) in M… | n/a | n/a | 2016-04-12T23:00:00.000Z | 2025-10-21T23:55:53.897Z |
| cve-2016-0162 | N/A | Microsoft Internet Explorer 9 through 11 allows r… | n/a | n/a | 2016-04-12T23:00:00.000Z | 2025-10-21T23:55:53.729Z |
| cve-2016-0165 | N/A | The kernel-mode driver in Microsoft Windows Vista… | n/a | n/a | 2016-04-12T23:00:00.000Z | 2025-10-21T23:55:53.587Z |
| cve-2016-0167 | N/A | The kernel-mode driver in Microsoft Windows Vista… | n/a | n/a | 2016-04-12T23:00:00.000Z | 2025-10-21T23:55:53.432Z |
| cve-2016-3427 | N/A | Unspecified vulnerability in Oracle Java SE 6u113… | n/a | n/a | 2016-04-21T10:00:00.000Z | 2025-10-21T23:55:53.262Z |
| cve-2016-3714 | N/A | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (… | n/a | n/a | 2016-05-05T18:00:00.000Z | 2025-10-21T23:55:53.098Z |
| cve-2016-3715 | N/A | The EPHEMERAL coder in ImageMagick before 6.9.3-1… | n/a | n/a | 2016-05-05T18:00:00.000Z | 2025-10-21T23:55:52.910Z |
| cve-2016-3718 | N/A | The (1) HTTP and (2) FTP coders in ImageMagick be… | n/a | n/a | 2016-05-05T18:00:00.000Z | 2025-10-21T23:55:52.756Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2014-1555 | N/A | Use-after-free vulnerability in the nsDocLoader::… | n/a | n/a | 2014-07-23T10:00:00 | 2024-08-06T09:42:36.250Z |
| cve-2014-1556 | N/A | Mozilla Firefox before 31.0, Firefox ESR 24.x bef… | n/a | n/a | 2014-07-23T10:00:00 | 2024-08-06T09:42:36.467Z |
| cve-2014-1557 | N/A | The ConvolveHorizontally function in Skia, as use… | n/a | n/a | 2014-07-23T10:00:00 | 2024-08-06T09:42:36.307Z |
| cve-2014-3120 | N/A | The default configuration in Elasticsearch before… | n/a | n/a | 2014-07-28T19:00:00.000Z | 2025-10-22T00:05:37.084Z |
| cve-2014-0546 | N/A | Adobe Reader and Acrobat 10.x before 10.1.11 and … | n/a | n/a | 2014-08-12T21:00:00.000Z | 2025-11-21T15:46:42.425Z |
| cve-2014-2817 | N/A | Microsoft Internet Explorer 6 through 11 allows r… | n/a | n/a | 2014-08-12T21:00:00.000Z | 2025-10-22T00:05:36.812Z |
| cve-2014-2380 | 7.8 (v2.0) | Schneider Electric Wonderware Inadequate Encryption Strength | Schneider Electric | Wonderware Information Server Portal | 2014-08-28T01:00:00 | 2025-10-31T23:11:04.615Z |
| cve-2014-2381 | 2.1 (v2.0) | Schneider Electric Wonderware Inadequate Encryption Strength | Schneider Electric | Wonderware Information Server Portal | 2014-08-28T01:00:00 | 2025-10-31T23:19:54.894Z |
| cve-2014-5397 | 7.5 (v2.0) | Schneider Electric Wonderware Cross-site Scripting | Schneider Electric | Wonderware Information Server Portal | 2014-08-28T01:00:00 | 2025-10-31T23:14:04.849Z |
| cve-2014-5398 | 2.1 (v2.0) | Schneider Electric Wonderware Input Validation | Schneider Electric | Wonderware Information Server Portal | 2014-08-28T01:00:00 | 2025-10-31T23:16:04.348Z |
| cve-2014-5399 | 7.5 (v2.0) | Schneider Electric Wonderware SQL Injection | Schneider Electric | Wonderware Information Server Portal | 2014-08-28T01:00:00 | 2025-10-31T23:17:37.919Z |
| cve-2013-2597 | N/A | Stack-based buffer overflow in the acdb_ioctl fun… | n/a | n/a | 2014-08-31T10:00:00.000Z | 2025-10-22T00:05:36.666Z |
| cve-2014-1562 | N/A | Unspecified vulnerability in the browser engine i… | n/a | n/a | 2014-09-03T10:00:00 | 2024-08-06T09:42:36.635Z |
| cve-2014-1567 | N/A | Use-after-free vulnerability in DirectionalityUti… | n/a | n/a | 2014-09-03T10:00:00 | 2024-08-06T09:42:36.651Z |
| cve-2014-5407 | 4.1 (v2.0) | Schneider Electric VAMPSET Stack-based Buffer Overflow | Schneider Electric | VAMPSET | 2014-09-15T14:00:00 | 2025-11-03T18:52:21.206Z |
| cve-2014-4404 | N/A | Heap-based buffer overflow in IOHIDFamily in Appl… | n/a | n/a | 2014-09-18T10:00:00.000Z | 2025-10-22T00:05:36.521Z |
| cve-2014-5411 | 4.9 (v2.0) | Schneider Electric SCADA Expert ClearSCADA Cross-site … | Schneider Electric | ClearSCADA | 2014-09-18T10:00:00 | 2025-11-04T22:53:17.900Z |
| cve-2014-5412 | 6.4 (v2.0) | Schneider Electric SCADA Expert ClearSCADA Improper Au… | Schneider Electric | ClearSCADA | 2014-09-18T10:00:00 | 2025-11-04T22:56:12.970Z |
| cve-2014-5413 | 6.4 (v2.0) | Schneider Electric SCADA Expert ClearSCADA Cryptograph… | Schneider Electric | ClearSCADA | 2014-09-18T10:00:00 | 2025-11-04T22:59:00.297Z |
| cve-2014-6271 | N/A | GNU Bash through 4.3 processes trailing strings a… | n/a | n/a | 2014-09-24T18:00:00.000Z | 2025-10-22T00:05:36.342Z |
| cve-2014-7169 | N/A | GNU Bash through 4.3 bash43-025 processes trailin… | n/a | n/a | 2014-09-25T01:00:00.000Z | 2025-10-22T00:05:36.027Z |
| cve-2014-6278 | N/A | GNU Bash through 4.3 bash43-026 does not properly… | n/a | n/a | 2014-09-30T10:00:00.000Z | 2025-10-22T00:05:35.846Z |
| cve-2014-5410 | 7.1 (v2.0) | Rockwell Automation Micrologix 1400 Improper Input Val… | Rockwell Automation | Allen-Bradley MicroLogix 1400 | 2014-10-03T18:00:00 | 2025-11-04T22:30:19.113Z |
| cve-2014-6287 | N/A | The findMacroMarker function in parserLib.pas in … | n/a | n/a | 2014-10-07T10:00:00.000Z | 2025-10-22T00:05:35.677Z |
| cve-2014-4113 | N/A | win32k.sys in the kernel-mode drivers in Microsof… | n/a | n/a | 2014-10-15T10:00:00.000Z | 2025-10-22T00:05:35.545Z |
| cve-2014-4114 | N/A | Microsoft Windows Vista SP2, Windows Server 2008 … | n/a | n/a | 2014-10-15T10:00:00.000Z | 2025-10-22T00:05:35.412Z |
| cve-2014-4123 | N/A | Microsoft Internet Explorer 7 through 11 allows r… | n/a | n/a | 2014-10-15T10:00:00.000Z | 2025-10-22T00:05:35.270Z |
| cve-2014-4148 | N/A | win32k.sys in the kernel-mode drivers in Microsof… | n/a | n/a | 2014-10-15T10:00:00.000Z | 2025-10-22T00:05:35.135Z |
| cve-2014-6352 | N/A | Microsoft Windows Vista SP2, Windows Server 2008 … | n/a | n/a | 2014-10-22T14:00:00.000Z | 2025-10-22T00:05:34.995Z |
| cve-2014-5408 | 7.5 (v2.0) | Nordex NC2 Cross-site Scripting | Nordex | Nordex Control 2 (NC2) SCADA | 2014-11-05T11:00:00 | 2025-11-03T18:50:14.150Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-0000-kam193-2c2e4d0ba11c8b8e | Malicious code in oepenwea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2c688b4430379980 | Malicious code in etheruemm (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2cf87b3db91b7034 | Malicious code in openzea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2d06990ef547e95d | Malicious code in etheriun (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2da6ae8981394341 | Malicious code in etheurm (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2dcc631e598acf97 | Malicious code in etheirum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2dfc506229ff91be | Malicious code in oepnsea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2e3ed1472f7e9a51 | Malicious code in pytuon (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-2fbc2861e34a7b4c | Malicious code in openeasea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-31c54d25ae4f9aa5 | Malicious code in we3-py (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3299f5b495591d65 | Malicious code in opnesea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-33522a92e685dbc7 | Malicious code in ethreum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3365f2d8a9ad021d | Malicious code in pytjon (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-34a556eaf3850f7f | Malicious code in pthon (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-352f4e97f398fbf5 | Malicious code in oenasea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3618f1fe08e0a6fa | Malicious code in etherium (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-37be9537e4fe1dbc | Malicious code in ethreeum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-38ffa42756f9ee22 | Malicious code in web3-pu (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-39f276d3e7335efa | Malicious code in etehreum (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3a75e3927a62be62 | Malicious code in web2 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3ae5bbdda0effc9e | Malicious code in pytojn (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3b0ffb55c54f64ae | Malicious code in ethereuim (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3b461b0e1b5a0d6c | Malicious code in openeasea (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3bc9806936b2776f | Malicious code in werb3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3c87e22f7813d9db | Malicious code in wbe3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3ce1d85326ade617 | Malicious code in opensae (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3e07b911a1fec6db | Malicious code in etherrium (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-3e5b38df8bc96ba2 | Malicious code in opensa (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-40becddeae204dc6 | Malicious code in weeb3-py (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| mal-0000-kam193-40c8cae0ed147f87 | Malicious code in wdb3 (PyPI) | 2024-06-28T20:16:20Z | 2024-06-28T20:16:20Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2025-1914 | Linux Kernel: Vulnerability allows code execution | 2025-08-26T22:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-1921 | Linux Kernel: Vulnerability allows denial of service | 2025-08-27T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-1925 | Hashicorp Vault: Vulnerability allows denial of service | 2025-08-28T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-1928 | Linux UDisks Daemon: Vulnerability allows privilege escalation | 2025-08-28T22:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-1933 | Linux Kernel: A vulnerability allows a denial of service | 2025-08-31T22:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-1946 | Google Chrome/Microsoft Edge: Multiple vulnerabilities | 2025-09-02T22:00:00.000+00:00 | 2025-11-16T23:00:00.000+00:00 |
| wid-sec-w-2025-1948 | libxml2 (exsltDynMapFunction): Vulnerability allows denial of service | 2025-09-02T22:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-1954 | Drupal: Vulnerability allows bypassing security measures | 2025-09-03T22:00:00.000+00:00 | 2025-10-29T23:00:00.000+00:00 |
| wid-sec-w-2025-1962 | Google Cloud Platform Looker Studio: Multiple vulnerabilities | 2025-09-03T22:00:00.000+00:00 | 2025-11-10T23:00:00.000+00:00 |
| wid-sec-w-2025-1965 | Linux Kernel: Vulnerability allows denial of service | 2025-09-03T22:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-1974 | Podman: Vulnerability allows file manipulation | 2025-09-04T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-1976 | Linux Kernel: Multiple vulnerabilities allow denial of service | 2025-09-04T22:00:00.000+00:00 | 2025-12-22T23:00:00.000+00:00 |
| wid-sec-w-2025-1988 | Linux Kernel: Multiple vulnerabilities allow denial of service | 2025-09-07T22:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-1998 | ffmpeg: Vulnerability allows code execution and potentially denial of service | 2025-09-08T22:00:00.000+00:00 | 2025-10-21T22:00:00.000+00:00 |
| wid-sec-w-2025-1999 | Adobe Magento SessionReaper: Vulnerability allows bypass of security measures | 2025-09-08T22:00:00.000+00:00 | 2025-10-22T22:00:00.000+00:00 |
| wid-sec-w-2025-2002 | libssh: Vulnerability allows denial of service | 2025-09-09T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2023 | cURL: Multiple vulnerabilities allow file manipulation | 2025-09-09T22:00:00.000+00:00 | 2025-11-27T23:00:00.000+00:00 |
| wid-sec-w-2025-2026 | ffmpeg: Vulnerability allows denial of service | 2025-09-10T22:00:00.000+00:00 | 2025-10-21T22:00:00.000+00:00 |
| wid-sec-w-2025-2028 | Red Hat OpenShift Container Platform: Vulnerability allows code execution | 2025-09-10T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2034 | Erlang/OTP: Multiple vulnerabilities | 2025-09-10T22:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2036 | IBM WebSphere Application Server: Vulnerability allows bypassing security measures | 2025-09-10T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-2039 | CUPS: Multiple vulnerabilities | 2025-09-11T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2040 | Linux Kernel: Multiple vulnerabilities allow denial of service | 2025-09-11T22:00:00.000+00:00 | 2025-12-22T23:00:00.000+00:00 |
| wid-sec-w-2025-2045 | expat: Vulnerability allows denial of service | 2025-09-14T22:00:00.000+00:00 | 2025-12-21T23:00:00.000+00:00 |
| wid-sec-w-2025-2051 | Linux Kernel: Multiple vulnerabilities allow denial of service | 2025-09-14T22:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2053 | Linux Kernel: Multiple vulnerabilities | 2025-09-15T22:00:00.000+00:00 | 2025-12-22T23:00:00.000+00:00 |
| wid-sec-w-2025-2058 | Apple Safari: Multiple vulnerabilities | 2025-09-15T22:00:00.000+00:00 | 2025-11-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2060 | VMware Tanzu Spring Framework and Spring Security: Multiple vulnerabilities allow bypassing security measures | 2025-09-15T22:00:00.000+00:00 | 2025-12-07T23:00:00.000+00:00 |
| wid-sec-w-2025-2071 | WatchGuard Firebox: Vulnerability allows code execution | 2025-09-16T22:00:00.000+00:00 | 2025-11-12T23:00:00.000+00:00 |
| wid-sec-w-2025-2077 | Linux Kernel: Multiple vulnerabilities | 2025-09-16T22:00:00.000+00:00 | 2025-12-22T23:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| ssa-501891 | SSA-501891: Cross-Site Scripting Vulnerability in SCALANCE X-200 and X-200IRT Families | 2022-10-11T00:00:00Z | 2022-11-08T00:00:00Z |
| ssa-568427 | SSA-568427: Weak Key Protection Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families | 2022-10-11T00:00:00Z | 2022-10-11T00:00:00Z |
| ssa-572005 | SSA-572005: Vulnerabilities in the Web Server of SICAM P850 and SICAM P855 Devices | 2022-10-11T00:00:00Z | 2023-06-13T00:00:00Z |
| ssa-697140 | SSA-697140: Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products | 2022-10-11T00:00:00Z | 2025-02-11T00:00:00Z |
| ssa-935500 | SSA-935500: Denial of Service Vulnerability in FTP Server of Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products | 2022-10-11T00:00:00Z | 2025-05-13T00:00:00Z |
| ssa-640732 | SSA-640732: Authentication Bypass Vulnerability in Siveillance Video Mobile Server | 2022-10-21T00:00:00Z | 2022-10-21T00:00:00Z |
| ssa-120378 | SSA-120378: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go | 2022-11-08T00:00:00Z | 2023-06-13T00:00:00Z |
| ssa-371761 | SSA-371761: Arbitrary Code Execution Vulnerability in the Logback Component of SINEC NMS before V1.0.3 | 2022-11-08T00:00:00Z | 2022-11-08T00:00:00Z |
| ssa-478960 | SSA-478960: Missing CSRF Protection in the Web Server Login Page of Industrial Controllers | 2022-11-08T00:00:00Z | 2023-09-12T00:00:00Z |
| ssa-587547 | SSA-587547: Unencrypted Storage of User Credentials in QMS Automotive | 2022-11-08T00:00:00Z | 2023-09-12T00:00:00Z |
| ssa-853037 | SSA-853037: File Parsing Vulnerabilities in Parasolid | 2022-11-08T00:00:00Z | 2022-11-08T00:00:00Z |
| ssa-180579 | SSA-180579: Privilege Management Vulnerability and Multiple Nucleus RTOS Vulnerabilities in APOGEE/TALON Field Panels before V3.5.5/V2.8.20 | 2022-12-13T00:00:00Z | 2023-08-08T00:00:00Z |
| ssa-223771 | SSA-223771: SISCO Stack Vulnerability in SIPROTEC 5 Devices | 2022-12-13T00:00:00Z | 2023-08-08T00:00:00Z |
| ssa-224632 | SSA-224632: Improper Access Control Vulnerability in Mendix Email Connector Module | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-274282 | SSA-274282: Cross Site Scripting Vulnerability in PLM Help Server V4.2 | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-333517 | SSA-333517: Multiple Vulnerabilities in SCALANCE SC-600 Family before V3.0 | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-360681 | SSA-360681: Datalogics File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-363821 | SSA-363821: Multiple Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.7 | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-408105 | SSA-408105: Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products | 2022-12-13T00:00:00Z | 2025-12-09T00:00:00Z |
| ssa-412672 | SSA-412672: Multiple OpenSSL and OpenSSH Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.7 | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-413565 | SSA-413565: Multiple Vulnerabilities in SCALANCE Products | 2022-12-13T00:00:00Z | 2025-01-14T00:00:00Z |
| ssa-436469 | SSA-436469: TCP Vulnerability in APOGEE/TALON Field Panels | 2022-12-13T00:00:00Z | 2022-12-13T00:00:00Z |
| ssa-547714 | SSA-547714: Argument Injection Vulnerability in SIMATIC WinCC OA Ultralight Client | 2022-12-13T00:00:00Z | 2023-01-10T00:00:00Z |
| ssa-552874 | SSA-552874: Denial of Service Vulnerability in SIPROTEC 5 Devices | 2022-12-13T00:00:00Z | 2025-11-11T00:00:00Z |
| ssa-700053 | SSA-700053: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go | 2022-12-13T00:00:00Z | 2023-04-11T00:00:00Z |
| ssa-792594 | SSA-792594: Host Header Injection Vulnerability in Polarion ALM | 2022-12-13T00:00:00Z | 2023-04-11T00:00:00Z |
| ssa-930100 | SSA-930100: Privilege Escalation Vulnerability in Simcenter STAR-CCM+ | 2022-12-13T00:00:00Z | 2023-07-11T00:00:00Z |
| ssa-482757 | SSA-482757: Missing Immutable Root of Trust in S7-1500 CPU devices | 2023-01-10T00:00:00Z | 2025-01-14T00:00:00Z |
| ssa-997779 | SSA-997779: File Parsing Vulnerability in Solid Edge before V2023 MP1 | 2023-01-10T00:00:00Z | 2023-01-10T00:00:00Z |
| ssa-450613 | SSA-450613: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family | 2023-02-14T00:00:00Z | 2023-09-12T00:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2003:146 | Red Hat Security Advisory: kdebase security update | 2003-05-22T16:50:00+00:00 | 2025-11-21T17:25:59+00:00 |
| rhsa-2003:081 | Red Hat Security Advisory: zlib security update | 2003-05-22T17:13:00+00:00 | 2025-11-21T17:25:43+00:00 |
| rhsa-2003:161 | Red Hat Security Advisory: xinetd security update | 2003-05-22T17:29:00+00:00 | 2025-11-21T17:26:03+00:00 |
| rhsa-2003:150 | Red Hat Security Advisory: LPRng security update | 2003-05-22T17:32:00+00:00 | 2025-11-21T17:25:59+00:00 |
| rhsa-2003:180 | Red Hat Security Advisory: sharutils security update | 2003-05-23T14:48:00+00:00 | 2025-11-21T17:26:06+00:00 |
| rhsa-2003:145 | Red Hat Security Advisory: Updated kernel fixes security vulnerabilities and updates drivers | 2003-05-27T18:52:00+00:00 | 2025-11-21T17:26:02+00:00 |
| rhsa-2003:187 | Red Hat Security Advisory: : Updated 2.4 kernel fixes vulnerabilities and driver bugs | 2003-06-03T10:40:00+00:00 | 2025-11-21T17:26:07+00:00 |
| rhsa-2003:047 | Red Hat Security Advisory: : Updated kon2 packages fix buffer overflow | 2003-06-03T13:17:00+00:00 | 2025-11-21T17:25:33+00:00 |
| rhsa-2003:192 | Red Hat Security Advisory: : Updated KDE packages fix security issue | 2003-06-05T08:59:00+00:00 | 2025-11-21T17:26:08+00:00 |
| rhsa-2003:070 | Red Hat Security Advisory: : : : Updated hanterm packages provide security fixes | 2003-06-06T07:45:00+00:00 | 2025-11-21T17:25:40+00:00 |
| rhsa-2003:151 | Red Hat Security Advisory: tcpdump security update | 2003-06-09T13:44:00+00:00 | 2025-11-21T17:25:59+00:00 |
| rhsa-2003:050 | Red Hat Security Advisory: kon2 security update | 2003-06-09T13:46:00+00:00 | 2025-11-21T17:25:34+00:00 |
| rhsa-2003:167 | Red Hat Security Advisory: lv security update | 2003-06-13T13:39:00+00:00 | 2025-11-21T17:26:05+00:00 |
| rhsa-2003:193 | Red Hat Security Advisory: kdelibs security update | 2003-06-17T19:38:00+00:00 | 2025-11-21T17:26:08+00:00 |
| rhsa-2003:182 | Red Hat Security Advisory: ghostscript security update | 2003-06-17T19:47:00+00:00 | 2025-11-21T17:26:08+00:00 |
| rhsa-2003:083 | Red Hat Security Advisory: apache security update for Stronghold | 2003-06-18T10:49:00+00:00 | 2025-11-21T17:25:44+00:00 |
| rhsa-2003:197 | Red Hat Security Advisory: xpdf security update | 2003-06-18T17:27:00+00:00 | 2025-11-21T17:26:09+00:00 |
| rhsa-2003:196 | Red Hat Security Advisory: : Updated Xpdf packages fix security vulnerability. | 2003-06-18T17:32:00+00:00 | 2025-11-21T17:26:08+00:00 |
| rhsa-2003:154 | Red Hat Security Advisory: : : : Updated bind packages fix buffer overflow in resolver library | 2003-06-18T22:19:00+00:00 | 2025-11-21T17:26:01+00:00 |
| rhsa-2003:195 | Red Hat Security Advisory: kernel security update | 2003-06-19T13:55:00+00:00 | 2025-11-21T17:26:08+00:00 |
| rhsa-2003:026 | Red Hat Security Advisory: : Updated Netscape packages are now available | 2003-06-20T18:32:00+00:00 | 2025-11-21T17:25:26+00:00 |
| rhsa-2003:176 | Red Hat Security Advisory: gnupg security update | 2003-06-23T12:24:00+00:00 | 2025-11-21T17:26:06+00:00 |
| rhsa-2003:205 | Red Hat Security Advisory: : : : Updated OpenSSL packages fix vulnerabilities | 2003-06-23T17:37:00+00:00 | 2025-11-21T17:26:11+00:00 |
| rhsa-2003:156 | Red Hat Security Advisory: : : : Updated gaim client fixes vulnerabilities | 2003-06-23T22:10:00+00:00 | 2025-11-21T17:26:01+00:00 |
| rhsa-2003:209 | Red Hat Security Advisory: : : : updated ghostscript packages fix vulnerabilities | 2003-06-24T22:24:00+00:00 | 2025-11-21T17:26:12+00:00 |
| rhsa-2003:065 | Red Hat Security Advisory: XFree86 security update | 2003-06-25T12:23:00+00:00 | 2025-11-21T17:25:38+00:00 |
| rhsa-2003:173 | Red Hat Security Advisory: : Updated ypserv packages fix a denial of service vulnerability | 2003-06-25T12:32:00+00:00 | 2025-11-21T17:26:05+00:00 |
| rhsa-2003:067 | Red Hat Security Advisory: : Updated XFree86 packages provide security and bug fixes | 2003-06-25T12:49:00+00:00 | 2025-11-21T17:25:40+00:00 |
| rhsa-2003:201 | Red Hat Security Advisory: ypserv security update | 2003-06-25T15:45:00+00:00 | 2025-11-21T17:26:10+00:00 |
| rhsa-2003:064 | Red Hat Security Advisory: : Updated XFree86 4.1.0 packages are available | 2003-06-25T15:51:00+00:00 | 2025-11-21T17:25:38+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2017-12613 | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 2017-10-02T00:00:00.000Z | 2025-10-01T23:10:55.000Z |
| msrc_cve-2017-15042 | An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. | 2017-10-02T00:00:00.000Z | 2025-09-03T22:44:27.000Z |
| msrc_cve-2017-15370 | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. | 2017-10-02T00:00:00.000Z | 2024-09-11T00:00:00.000Z |
| msrc_cve-2017-15371 | There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file. | 2017-10-02T00:00:00.000Z | 2024-09-11T00:00:00.000Z |
| msrc_cve-2017-1000232 | A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors. | 2017-11-02T00:00:00.000Z | 2022-08-04T00:00:00.000Z |
| msrc_cve-2017-14176 | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands | 2017-11-02T00:00:00.000Z | 2025-10-01T23:10:55.000Z |
| msrc_cve-2017-14992 | Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0 and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. | 2017-11-02T00:00:00.000Z | 2021-07-16T00:00:00.000Z |
| msrc_cve-2017-15275 | Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 2017-11-02T00:00:00.000Z | 2024-10-15T00:00:00.000Z |
| msrc_cve-2017-16754 | Bolt before 3.3.6 does not properly restrict access to _profiler routes | 2017-11-02T00:00:00.000Z | 2025-10-01T23:10:55.000Z |
| msrc_cve-2017-16844 | Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. | 2017-11-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2017-11697 | The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. | 2017-12-02T00:00:00.000Z | 2025-09-03T22:48:37.000Z |
| msrc_cve-2017-17522 | Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting | 2017-12-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2012-6708 | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common. | 2018-01-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. | 2018-01-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2017-17969 | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | 2018-01-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-5996 | Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 2018-01-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2004-2779 | id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). | 2018-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2014-5282 | Docker before 1.3 does not properly validate image IDs which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | 2018-02-02T00:00:00.000Z | 2021-07-16T00:00:00.000Z |
| msrc_cve-2018-1000026 | Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: network card firmware assertion takes card off-line. This attack appears to be exploitable via: An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. | 2018-02-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2018-1000035 | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. | 2018-02-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-6951 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault associated with a NULL pointer dereference leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. | 2018-02-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | 2018-02-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-7263 | The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service | 2018-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2017-18207 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." | 2018-03-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2017-18214 | The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 2018-03-02T00:00:00.000Z | 2024-09-11T00:00:00.000Z |
| msrc_cve-2018-1000097 | Sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in the file unshar.c at line 75, function looks_like_c_code: failure to perform checking of the buffer containing the input line, which could lead to code execution. This attack appears to be exploitable via: the victim has to run the unshar command on a specially crafted file. | 2018-03-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-1000110 | An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 2018-03-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2018-1050 | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. | 2018-03-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2018-1057 | On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (e.g. Domain Controllers). | 2018-03-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2018-9057 | aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password. | 2018-03-02T00:00:00.000Z | 2022-04-02T00:00:00.000Z |

| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2007-000260 | Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000290 | InfoBarrier4 self-decrypted file vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000295 | APOP password recovery vulnerability | 2008-05-21T00:00+09:00 | 2009-08-06T11:39+09:00 |
| jvndb-2007-000297 | Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability | 2008-05-21T00:00+09:00 | 2008-07-11T13:47+09:00 |
| jvndb-2007-000301 | Canon Network Camera Server VB100 Series vulnerable to cross-site scripting | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000322 | Lunascape RSS reader arbitrary script execution vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000329 | Java Web Start vulnerable to execution of unauthorized system classes | 2008-05-21T00:00+09:00 | 2008-06-06T16:22+09:00 |
| jvndb-2007-000395 | Homepage Builder sample CGI programs vulnerable to OS command injection | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000400 | Advance-Flow cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000420 | HP System Management Homepage cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000429 | Meneame cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000434 | ADPLAN cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000446 | Internet Explorer vulnerable in MHTML handling | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000447 | Internet Explorer vulnerable in handling MHTML protocol | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000454 | dotProject cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000456 | Apache Tomcat sample web application cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-07-11T13:48+09:00 |
| jvndb-2007-000457 | Apache Tomcat cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-07-11T13:48+09:00 |
| jvndb-2007-000471 | RaidenHTTPD cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000476 | Hiki arbitrary file deletion vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000486 | rktSNS cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000487 | sHTTPd cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000491 | Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000494 | KDDI sample CGI download program directory traversal vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000507 | Flash Player allows to send arbitrary Referer headers | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000548 | Nessus report function vulnerable to arbitrary script execution | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000551 | Aruba Mobility Controller Series cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000559 | Yayoi Kaikei improper handling of credential information | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000560 | Safari URL spoofing vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000572 | WebCart cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000598 | Apache Tomcat Host Manager cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |