Skip to main content

2840 docs tagged with "HIGH_Vulnerabilities"

View all tags

CVE-1999-0197

finger 0@host on some systems may print information on some user accounts.

CVE-1999-0198

finger .@host on some systems may print information on some user accounts.

CVE-1999-0601

A network intrusion detection system (IDS) does not properly handle data within TCP handshake packet

CVE-1999-0602

A network intrusion detection system (IDS) does not properly reassemble fragmented packets.

CVE-1999-0603

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, D

CVE-1999-0611

A system-critical Windows NT registry key has an inappropriate value.

CVE-1999-0744

Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain p

CVE-1999-0876

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

CVE-1999-0894

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other termin

CVE-1999-0964

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code v

CVE-2000-0044

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute

CVE-2000-0046

Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malforme

CVE-2000-0048

get_it program in Corel Linux Update allows local users to gain root access by specifying an alterna

CVE-2000-0049

Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .

CVE-2000-0052

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM an

CVE-2000-0053

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of

CVE-2000-0055

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n opti

CVE-2000-0057

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote a

CVE-2000-0059

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are exe

CVE-2000-0061

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a win

CVE-2000-0062

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to con

CVE-2000-0070

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileg

CVE-2000-0074

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file wi

CVE-2000-0077

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by speci

CVE-2000-0078

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifyi

CVE-2000-0081

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attack

CVE-2000-0085

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attack

CVE-2000-0120

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authenti

CVE-2000-1089

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, ak

CVE-2000-1093

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrar

CVE-2000-1094

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute ar

CVE-2000-1095

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary com

CVE-2000-1100

The default configuration for PostACI webmail system installs the /includes/global.inc configuration

CVE-2000-1103

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows

CVE-2000-1104

Variant of the 'IIS Cross-Site Scripting' vulnerability as originally discussed in MS:MS00-060 (CVE-

CVE-2000-1113

Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary comma

CVE-2000-1115

Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000

CVE-2000-1116

Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a den

CVE-2000-1118

24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings s

CVE-2000-1120

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitra

CVE-2000-1121

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitra

CVE-2000-1122

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute ar

CVE-2000-1123

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbi

CVE-2000-1124

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long env

CVE-2000-1125

restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environment

CVE-2000-1126

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to exec

CVE-2000-1130

McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by includi

CVE-2000-1131

Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via s

CVE-2000-1134

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash,

CVE-2000-1138

Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message h

CVE-2000-1139

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known passwo

CVE-2000-1149

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to exec

CVE-2000-1157

Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a lon

CVE-2000-1158

NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the netwo

CVE-2000-1159

NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UD

CVE-2000-1161

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessibl

CVE-2000-1164

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify)

CVE-2000-1166

Twig webmail system does not properly set the 'vhosts' variable if it is not configured on the site,

CVE-2000-1167

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the 'nat

CVE-2000-1168

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and pos

CVE-2000-1169

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow

CVE-2000-1170

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitr

CVE-2000-1172

Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to condu

CVE-2000-1174

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers

CVE-2000-1175

Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command li

CVE-2000-1176

Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbit

CVE-2000-1183

Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long

CVE-2000-1186

Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifyi

CVE-2000-1187

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute

CVE-2000-1189

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain pr

CVE-2000-1220

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local us

CVE-2000-1221

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates b

CVE-2001-0162

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attack

CVE-2001-1044

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the doc

CVE-2001-1464

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the

CVE-2002-0626

Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which al

CVE-2002-0627

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication

CVE-2002-0628

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login

CVE-2002-1378

Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to exec

CVE-2002-1379

OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code

CVE-2002-1384

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allow

CVE-2002-1594

Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AI

CVE-2003-0061

Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with ro

CVE-2003-0963

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow r

CVE-2003-0977

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and file

CVE-2003-0978

Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1

CVE-2003-0982

Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5,

CVE-2003-0983

Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the ma

CVE-2003-0995

Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a den

CVE-2003-0999

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9

CVE-2003-1000

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request w

CVE-2003-1003

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of servic

CVE-2003-1013

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a den

CVE-2004-0139

Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibl

CVE-2004-0568

HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does

CVE-2004-0571

Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allo

CVE-2004-0893

The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Win

CVE-2004-0894

LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 do

CVE-2004-0897

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length

CVE-2004-0900

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not pro

CVE-2004-0901

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly valid

CVE-2004-0914

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, inc

CVE-2004-0946

rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly per

CVE-2004-0953

Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attac

CVE-2004-0987

Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute

CVE-2004-0991

Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via fram

CVE-2004-0993

Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (applicat

CVE-2004-0994

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code

CVE-2004-1008

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to

CVE-2004-1011

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option

CVE-2004-1012

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote auth

CVE-2004-1013

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote auth

CVE-2004-1015

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option ena

CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictio

CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cau

CVE-2004-1025

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and sever

CVE-2004-1026

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrel

CVE-2004-1028

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local user

CVE-2004-1054

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local u

CVE-2004-1063

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver,

CVE-2004-1064

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing

CVE-2004-1065

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows r

CVE-2004-1067

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a

CVE-2004-1070

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4

CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does

CVE-2004-1072

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may

CVE-2004-1076

Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allo

CVE-2004-1079

Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other ver

CVE-2004-1080

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Ser

CVE-2004-1094

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote at

CVE-2004-1095

Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpc

CVE-2004-1096

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows re

CVE-2004-1097

Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and

CVE-2004-1098

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an

CVE-2004-1099

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server

CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attack

CVE-2004-1114

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows

CVE-2004-1115

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier exec

CVE-2004-1116

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned

CVE-2004-1117

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, w

CVE-2004-1118

Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by Coffe

CVE-2004-1119

Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.0

CVE-2004-1120

Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles net

CVE-2004-1122

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, wh

CVE-2004-1125

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share

CVE-2004-1127

Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to exe

CVE-2004-1128

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code

CVE-2004-1129

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and

CVE-2004-1134

Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial o

CVE-2004-1137

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2

CVE-2004-1138

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file contai

CVE-2004-1147

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows

CVE-2004-1149

Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with i

CVE-2004-1151

Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia

CVE-2004-1152

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote at

CVE-2004-1153

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to c

CVE-2004-1154

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authe

CVE-2004-1157

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web si

CVE-2004-1158

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary

CVE-2004-1160

Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sit

CVE-2004-1161

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote

CVE-2004-1162

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which

CVE-2004-1165

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that con

CVE-2004-1168

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows rem

CVE-2004-1170

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the file

CVE-2004-1172

Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix

CVE-2004-1187

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as

CVE-2004-1188

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use t

CVE-2004-1192

Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote att

CVE-2004-1208

Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (appli

CVE-2004-1211

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users t

CVE-2004-1214

Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary c

CVE-2004-1222

weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharac

CVE-2004-1225

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute

CVE-2004-1227

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers

CVE-2004-1229

Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arb

CVE-2004-1232

Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to ex

CVE-2004-1254

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a

CVE-2004-1255

Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary

CVE-2004-1256

Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12

CVE-2004-1257

Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to e

CVE-2004-1258

Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to ex

CVE-2004-1259

Multiple buffer overflows in the handle_directive function in abcpp.c for abcpp 1.3.0 allow remote a

CVE-2004-1260

Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function i

CVE-2004-1261

Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to exec

CVE-2004-1262

Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers

CVE-2004-1263

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbit

CVE-2004-1264

Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to ex

CVE-2004-1265

Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the convex-tool program in Convex

CVE-2004-1266

Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote att

CVE-2004-1271

Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arb

CVE-2004-1272

Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allo

CVE-2004-1273

Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to ex

CVE-2004-1274

The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary cod

CVE-2004-1275

Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attacker

CVE-2004-1278

Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attacker

CVE-2004-1279

Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to exec

CVE-2004-1280

The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP se

CVE-2004-1282

Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to

CVE-2004-1283

Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows

CVE-2004-1284

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attacker

CVE-2004-1285

Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote

CVE-2004-1286

Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filte

CVE-2004-1287

Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute

CVE-2004-1288

Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to e

CVE-2004-1289

Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function

CVE-2004-1290

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers t

CVE-2004-1291

Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a

CVE-2004-1292

Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remot

CVE-2004-1293

Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attacke

CVE-2004-1297

Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attac

CVE-2004-1298

Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arb

CVE-2004-1299

Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to

CVE-2004-1300

Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows r

CVE-2004-1301

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attacke

CVE-2004-1302

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary comma

CVE-2004-1303

Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to exe

CVE-2004-1304

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to e

CVE-2004-1308

Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote a

CVE-2004-1309

Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 al

CVE-2004-1310

Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows rem

CVE-2004-1311

Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows

CVE-2004-1312

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party product

CVE-2004-1313

The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop p

CVE-2004-1314

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window

CVE-2004-1784

Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitra

CVE-2004-1785

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to

CVE-2005-0268

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary P

CVE-2005-0271

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to e

CVE-2005-0280

Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to caus

CVE-2005-0284

SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly o

CVE-2005-0376

PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers

CVE-2006-0002

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP

CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server

CVE-2006-0020

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote att

CVE-2006-0065

SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_displa

CVE-2006-0066

SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbi

CVE-2006-0067

SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attack

CVE-2006-0068

SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitra

CVE-2006-0072

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code

CVE-2006-0074

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary

CVE-2006-0075

Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to e

CVE-2006-0076

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute

CVE-2006-0079

SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to exec

CVE-2006-0081

ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows

CVE-2006-0085

SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL com

CVE-2006-0087

SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remot

CVE-2006-0088

SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to exe

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute

CVE-2006-0096

wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_

CVE-2006-0097

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x

CVE-2006-0099

PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certai

CVE-2006-0106

gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI

CVE-2006-0107

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands

CVE-2006-0108

SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbit

CVE-2006-0115

Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to ex

CVE-2006-0119

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown

CVE-2006-0121

Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a d

CVE-2006-0123

Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary

CVE-2006-0128

Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to

CVE-2006-0130

Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlie

CVE-2006-0135

SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execu

CVE-2006-0137

SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2

CVE-2006-0143

Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and caus

CVE-2006-0144

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote at

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1)

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70,

CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.

CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows li

CVE-2006-0153

427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and us

CVE-2006-0154

SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to exec

CVE-2006-0158

SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execut

CVE-2006-0159

SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute ar

CVE-2006-0160

SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute

CVE-2006-0162

Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote a

CVE-2006-0163

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 al

CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers t

CVE-2006-0166

Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files i

CVE-2006-0167

SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL comman

CVE-2006-0169

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to e

CVE-2006-0171

PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to

CVE-2006-0176

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 Januar

CVE-2006-0177

Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) i

CVE-2006-0178

Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impa

CVE-2006-0181

Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented a

CVE-2006-0182

login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting

CVE-2006-0184

Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQ

CVE-2006-6918

Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has un

CVE-2006-6922

SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows

CVE-2006-6923

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote

CVE-2006-6926

Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco

CVE-2006-6927

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL

CVE-2006-6930

SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute

CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWind

CVE-2007-0016

Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via

CVE-2007-0024

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet

CVE-2007-0027

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers

CVE-2007-0028

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not

CVE-2007-0029

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted rem

CVE-2007-0030

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted rem

CVE-2007-0031

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo

CVE-2007-0033

Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via

CVE-2007-0034

Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 200

CVE-2007-0046

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefo

CVE-2007-0049

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other acc

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to

CVE-2007-0052

SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arb

CVE-2007-0053

SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote a

CVE-2007-0057

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure

CVE-2007-0058

Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (

CVE-2007-0066

The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protoc

CVE-2007-0069

Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows r

CVE-2007-0075

AspBB stores sensitive information under the web root with insufficient access control, which allows

CVE-2007-0076

Openforum stores sensitive information under the web root with insufficient access control, which al

CVE-2007-0079

rblog stores sensitive information under the web root with insufficient access control, which allows

CVE-2007-0086

The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remo

CVE-2007-0087

Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large w

CVE-2007-0089

jgbbs stores sensitive information under the web root with insufficient access control, which allows

CVE-2007-0090

WineGlass stores sensitive information under the web root with insufficient access control, which al

CVE-2007-0091

newsCMSlite stores sensitive information under the web root with insufficient access control, which

CVE-2007-0092

SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execu

CVE-2007-0093

SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attack

CVE-2007-0094

Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access

CVE-2007-0096

CarbonCommunities stores sensitive information under the web root with insufficient access control,

CVE-2007-0097

Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL

CVE-2007-0099

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer

CVE-2007-0100

The Perforce client does not restrict the set of files that it overwrites upon receiving a request f

CVE-2007-0105

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for W

CVE-2007-0112

SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrar

CVE-2007-0116

Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with ins

CVE-2007-0117

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly valida

CVE-2007-0126

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPE

CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createS

CVE-2007-0128

SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to e

CVE-2007-0129

SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attacker

CVE-2007-0130

SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execu

CVE-2007-0131

JAMWiki before 0.5.0 does not properly check permissions during moves of 'read-only or admin-only to

CVE-2007-0132

SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers t

CVE-2007-0133

Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier all

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute ar

CVE-2007-0139

Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, an

CVE-2007-0140

SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers

CVE-2007-0142

SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote att

CVE-2007-0145

PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remo

CVE-2007-0149

EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, wh

CVE-2007-0150

Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attacker

CVE-2007-0151

MitiSoft stores sensitive information under the web root with insufficient access control, which all

CVE-2007-0152

OhhASP stores sensitive information under the web root with insufficient access control, which allow

CVE-2007-0153

AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which

CVE-2007-0154

Webulas stores sensitive information under the web root with insufficient access control, which allo

CVE-2007-0155

HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, w

CVE-2007-0156

M-Core stores the database under the web document root, which allows remote attackers to obtain sens

CVE-2007-0157

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly o

CVE-2007-0160

Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through

CVE-2007-0163

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows

CVE-2007-0164

Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to b

CVE-2007-0165

Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial

CVE-2007-0167

Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with

CVE-2007-0168

The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, En

CVE-2007-0169

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5,

CVE-2007-0170

PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers

CVE-2007-0171

PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote a

CVE-2007-0172

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote att

CVE-2007-0174

Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006

CVE-2007-0178

PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers t

CVE-2007-0179

SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arb

CVE-2007-0180

Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary

CVE-2007-0181

PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage websit

CVE-2007-0182

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attac

CVE-2007-0184

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to pu

CVE-2007-0187

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a tr

CVE-2007-0189

PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote

CVE-2007-0190

PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attack

CVE-2007-0192

Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section i

CVE-2007-0193

FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which all

CVE-2007-0194

admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct

CVE-2007-0196

SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier al

CVE-2007-0200

PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Galler

CVE-2007-0201

Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows rem

CVE-2007-0202

SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc

CVE-2007-0203

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack v

CVE-2007-0205

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows rem

CVE-2007-0223

SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Con

CVE-2007-0224

SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows

CVE-2007-0226

SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to ex

CVE-2007-0229

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users t

CVE-2007-0230

PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to e

CVE-2007-0232

PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows r

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat

CVE-2007-10001

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part

CVE-2007-5352

Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows

CVE-2007-5360

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_

CVE-2007-5616

ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Lin

CVE-2007-5665

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versi

CVE-2007-5761

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\

CVE-2007-5762

NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute ar

CVE-2007-6250

Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by

CVE-2007-6423

Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when

CVE-2007-6532

Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remot

CVE-2007-6601

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7

CVE-2007-6610

unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow

CVE-2007-6619

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup

CVE-2007-6622

SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to ex

CVE-2007-6626

Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube

CVE-2007-6627

Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlie

CVE-2007-6631

Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execut

CVE-2007-6638

March Networks DVR 3204 stores sensitive information under the web root with insufficient access con

CVE-2007-6639

SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execu

CVE-2007-6645

Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privil

CVE-2007-6647

SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to exe

CVE-2007-6649

PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows

CVE-2007-6650

Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attac

CVE-2007-6652

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allow

CVE-2007-6654

Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5

CVE-2007-6655

PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remo

CVE-2007-6656

SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and e

CVE-2007-6657

PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Ho

CVE-2007-6658

SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attacke

CVE-2007-6663

SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arc

CVE-2007-6664

SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers

CVE-2007-6665

SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to exe

CVE-2007-6666

SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to exec

CVE-2007-6668

admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges,

CVE-2007-6670

SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute ar

CVE-2007-6671

SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attacke

CVE-2007-6679

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 befo

CVE-2008-0003

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM ma

CVE-2008-0067

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7

CVE-2008-0089

SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrar

CVE-2008-0096

Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow re

CVE-2008-0097

Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.000

CVE-2008-0098

Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code

CVE-2008-0100

Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 an

CVE-2008-0101

Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and e

CVE-2008-0127

The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers t

CVE-2008-0130

SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attacke

CVE-2008-0133

Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute

CVE-2008-0137

PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows re

CVE-2008-0141

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of da

CVE-2008-0143

PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as

CVE-2008-0144

PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote atta

CVE-2008-0145

Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown imp

CVE-2008-0148

TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute ar

CVE-2008-0151

Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote

CVE-2008-0154

SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execut

CVE-2008-0157

SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary

CVE-2008-0185

SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remot

CVE-2008-0187

SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier

CVE-2008-0194

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote a

CVE-2008-0219

SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers

CVE-2008-0220

Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX co

CVE-2008-0221

Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX contro

CVE-2008-0222

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W

CVE-2008-0223

Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro,

CVE-2008-0224

SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 a

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products,

CVE-2008-0227

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to ca

CVE-2008-0228

Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broad

CVE-2008-0229

The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11

CVE-2008-0230

PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier version

CVE-2008-0231

Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze

CVE-2008-0232

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbit

CVE-2008-0233

Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to

CVE-2008-0234

Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunnel

CVE-2008-0235

The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by in

CVE-2008-0238

Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-

CVE-2008-0242

Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gai

CVE-2008-0243

Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial

CVE-2008-0244

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via '&&

CVE-2008-0245

admin.php in UploadImage 1.0 does not check for the original password before making a change to a ne

CVE-2008-0246

admin.php in UploadScript 1.0 does not check for the original password before making a change to a n

CVE-2008-0247

Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage M

CVE-2008-0248

Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows

CVE-2008-0250

Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arb

CVE-2008-0251

Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers t

CVE-2008-0252

Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForg

CVE-2008-2383

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands v

CVE-2008-4827

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX contro

CVE-2008-5810

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versio

CVE-2008-5811

SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remo

CVE-2008-5812

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.

CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2

CVE-2008-5815

SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrar

CVE-2008-5816

SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to

CVE-2008-5820

SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to exec

CVE-2008-5826

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to c

CVE-2008-5827

The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs softw

CVE-2008-5838

SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart)

CVE-2008-5839

Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto U

CVE-2008-5840

PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpic

CVE-2008-5841

Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute

CVE-2008-5844

PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally d

CVE-2008-5848

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remot

CVE-2008-5851

SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to

CVE-2008-5863

SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (

CVE-2008-5864

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking

CVE-2008-5865

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation Syst

CVE-2008-5866

The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write

CVE-2008-5868

Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute

CVE-2008-5872

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP C

CVE-2008-5873

Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrativ

CVE-2008-5874

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla!

CVE-2008-5875

SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation Syst

CVE-2008-5876

Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash)

CVE-2008-5880

admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administra

CVE-2008-5881

Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and

CVE-2008-5882

SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) befo

CVE-2008-5883

Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote

CVE-2008-5888

Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL

CVE-2008-5890

SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute

CVE-2008-5892

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary

CVE-2008-5895

SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers

CVE-2008-5896

CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access co

CVE-2008-5897

CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access

CVE-2008-5898

CodeAvalanche Directory stores sensitive information under the web root with insufficient access con

CVE-2008-5899

CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access co

CVE-2008-5900

CodeAvalanche Articles stores sensitive information under the web root with insufficient access cont

CVE-2008-5901

iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access contr

CVE-2009-0043

The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Managem

CVE-2009-0065

Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implem

CVE-2009-0066

Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT)

CVE-2009-0070

Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary m

CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execut

CVE-2009-0104

SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrar

CVE-2009-0106

SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attac

CVE-2009-0108

PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain adminis

CVE-2009-0109

SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to exec

CVE-2009-0110

SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execu

CVE-2009-0111

SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers

CVE-2009-3415

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0

CVE-2009-3952

Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attack

CVE-2009-4009

Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of ser

CVE-2009-4010

Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS d

CVE-2009-4486

Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote a

CVE-2009-4536

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles

CVE-2009-4537

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly c

CVE-2009-4538

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not p

CVE-2009-4541

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attac

CVE-2009-4546

globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and g

CVE-2009-4549

Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary

CVE-2009-4550

SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! a

CVE-2009-4551

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to exec

CVE-2009-4556

Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permi

CVE-2009-4560

SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arb

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X

CVE-2009-4566

SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitr

CVE-2009-4569

SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary

CVE-2009-4571

Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execu

CVE-2009-4574

SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attac

CVE-2009-4576

SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote a

CVE-2009-4577

SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote at

CVE-2009-4582

SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote at

CVE-2009-4583

SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attacke

CVE-2009-4584

admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentic

CVE-2009-4588

Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta,

CVE-2009-4591

SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote

CVE-2009-4592

Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) befor

CVE-2009-4594

Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domi

CVE-2009-4597

Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authentica

CVE-2009-4598

SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attac

CVE-2009-4599

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! all

CVE-2009-4600

SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 a

CVE-2009-4604

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mambo

CVE-2009-5038

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after

CVE-2009-5137

Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arb

CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, an

CVE-2010-0013

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 a

CVE-2010-0071

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5,

CVE-2010-0072

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 all

CVE-2010-0079

Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2,

CVE-2010-0157

Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allo

CVE-2010-0158

SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote

CVE-2010-0272

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attacke

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attacker

CVE-2010-0274

Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Dom

CVE-2010-0275

Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2

CVE-2010-0276

IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properl

CVE-2010-10011

A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Aff

CVE-2010-2604

Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Res

CVE-2010-2640

Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allo

CVE-2010-2641

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allo

CVE-2010-2642

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and ea

CVE-2010-2643

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allo

CVE-2010-3311

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 al

CVE-2010-3444

Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possi

CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api impleme

CVE-2010-3856

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not pr

CVE-2010-3865

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local u

CVE-2010-3907

Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before

CVE-2010-3912

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not 'disgui

CVE-2010-3984

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOso

CVE-2010-4164

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the

CVE-2010-4496

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO

CVE-2010-4498

Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborativ

CVE-2010-4523

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically pr

CVE-2010-4526

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.1

CVE-2010-4538

Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1

CVE-2010-4541

Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHER

CVE-2010-4543

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PS

CVE-2010-4669

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windo

CVE-2010-4670

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security App

CVE-2010-4671

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5

CVE-2010-4672

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow

CVE-2010-4673

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow

CVE-2010-4674

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4675

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not prop

CVE-2010-4678

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit pack

CVE-2010-4679

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not prop

CVE-2010-4680

The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4681

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4682

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2

CVE-2010-4683

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service

CVE-2010-4684

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to caus

CVE-2010-4686

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic

CVE-2010-4688

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA)

CVE-2010-4689

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not prop

CVE-2010-4691

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-4692

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw

CVE-2010-5317

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote att

CVE-2011-0026

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data A

CVE-2011-0027

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6

CVE-2011-0346

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Ex

CVE-2011-0347

Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI displa

CVE-2011-0403

Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions a

CVE-2011-0404

Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for M

CVE-2011-0406

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to

CVE-2011-0407

SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.cla

CVE-2011-0423

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administr

CVE-2011-0444

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 throu

CVE-2011-1763

The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service

CVE-2011-3919

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote at

CVE-2011-3921

Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a

CVE-2011-3922

Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a d

CVE-2011-3937

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspe

CVE-2011-4055

Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP

CVE-2011-4109

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled,

CVE-2011-4197

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate w

CVE-2011-4370

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers

CVE-2011-4371

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers

CVE-2011-4529

Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow

CVE-2011-4644

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functiona

CVE-2011-4785

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer

CVE-2011-4786

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows

CVE-2011-4787

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows

CVE-2011-4788

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array sys

CVE-2011-4789

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4

CVE-2011-5051

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for Wor

CVE-2011-5059

Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrar

CVE-2011-5247

Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field Re

CVE-2011-5254

Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact

CVE-2011-5295

Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube

CVE-2011-5308

Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo

CVE-2011-5313

Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote at

CVE-2012-0001

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2

CVE-2012-0003

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) i

CVE-2012-0004

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Serv

CVE-2012-0009

Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Window

CVE-2012-0013

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2

CVE-2012-0024

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricti

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL

CVE-2012-0695

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung

CVE-2012-0697

HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote

CVE-2012-0699

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9

CVE-2012-1530

Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef

CVE-2012-2142

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary

CVE-2012-2379

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token s

CVE-2012-2931

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privi

CVE-2012-2950

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability whi

CVE-2012-3353

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes

CVE-2012-3490

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) syst

CVE-2012-3806

Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could

CVE-2012-3808

Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.

CVE-2012-3809

Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.

CVE-2012-3810

Samsung Kies before 2.5.0.12094_27_11 has registry modification.

CVE-2012-3822

Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which a

CVE-2012-3823

Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.

CVE-2012-3824

In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication o

CVE-2012-4030

Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which

CVE-2012-4434

fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or

CVE-2012-4603

Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and e

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear

CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1

CVE-2012-4822

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1

CVE-2012-4823

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear

CVE-2012-5693

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arb

CVE-2012-5874

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_gu

CVE-2012-6089

Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog b

CVE-2012-6090

Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.

CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 do

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library,

CVE-2012-6465

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (a

CVE-2012-6468

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code o

CVE-2012-6470

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers t

CVE-2012-6496

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x bef

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1

CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET

CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properl

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Fram

CVE-2013-0006

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which

CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which

CVE-2013-0008

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, a

CVE-2013-0011

The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows r

CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitra

CVE-2013-0601

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0602

Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 1

CVE-2013-0603

Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.

CVE-2013-0604

Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.

CVE-2013-0605

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0606

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11

CVE-2013-0607

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0608

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0609

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 1

CVE-2013-0610

Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11

CVE-2013-0611

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0612

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11

CVE-2013-0613

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 1

CVE-2013-0614

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0615

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11

CVE-2013-0616

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0617

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11

CVE-2013-0618

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0619

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0620

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0621

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11

CVE-2013-0622

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0623

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0624

Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker

CVE-2013-0626

Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11

CVE-2013-0627

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x

CVE-2013-0629

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to a

CVE-2013-0630

Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and

CVE-2013-0631

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecif

CVE-2013-10007

A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2.

CVE-2013-2050

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine

CVE-2013-2344

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-2345

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-2346

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-2347

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers t

CVE-2013-2348

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-2349

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-2350

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-2603

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcad

CVE-2013-2604

RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses

CVE-2013-3246

Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute a

CVE-2013-3247

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute ar

CVE-2013-3619

Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherbo

CVE-2013-3620

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Su

CVE-2013-3932

SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows rem

CVE-2013-3935

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 2013

CVE-2013-3937

Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute ar

CVE-2013-3939

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB

CVE-2013-3944

Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote

CVE-2013-3945

The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary

CVE-2013-3946

Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in R

CVE-2013-4532

Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrar

CVE-2013-5009

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12

CVE-2013-5011

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x

CVE-2013-5031

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac

CVE-2013-5032

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac

CVE-2013-5033

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac

CVE-2013-5034

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac

CVE-2013-5349

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers

CVE-2013-5357

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers t

CVE-2013-5358

Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory cor

CVE-2013-5359

Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow re

CVE-2013-5385

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operatin

CVE-2013-5656

FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability

CVE-2013-5657

AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request

CVE-2013-6194

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-6195

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit

CVE-2013-6231

SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script

CVE-2013-6321

SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2

CVE-2013-6462

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont

CVE-2013-6881

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute a

CVE-2013-6884

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default '

CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted ta

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3

CVE-2013-7139

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 an

CVE-2013-7174

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attac

CVE-2013-7260

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Ma

CVE-2013-7278

SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary

CVE-2013-7282

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WI

CVE-2013-7283

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages i

CVE-2013-7420

Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long str

CVE-2014-0087

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used i

CVE-2014-0618

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12

CVE-2014-0659

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x th

CVE-2014-0978

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows r

CVE-2014-10069

Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' i

CVE-2014-1236

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows re

CVE-2014-125033

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue

CVE-2014-125066

A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerabilit

CVE-2014-125072

A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown

CVE-2014-1408

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the

CVE-2014-2071

Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712

CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CVE-2014-2839

SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr

CVE-2014-3211

Publify before 8.0.1 is vulnerable to a Denial of Service attack

CVE-2014-3447

BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability

CVE-2014-4991

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset

CVE-2014-4992

lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd comma

CVE-2014-4993

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in

CVE-2014-4995

Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local use

CVE-2014-4997

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command lin

CVE-2014-4998

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysq

CVE-2014-4999

vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the

CVE-2014-5000

The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the cur

CVE-2014-5001

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysql

CVE-2014-5002

The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows loc

CVE-2014-5004

lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command

CVE-2014-5013

DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.

CVE-2014-5068

Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote

CVE-2014-5070

Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related t

CVE-2014-5092

Status2k allows Remote Command Execution in admin/options/editpl.php.

CVE-2014-5140

The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7

CVE-2014-5287

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure

CVE-2014-6158

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication Syste

CVE-2014-6435

cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check

CVE-2014-7209

run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attacke

CVE-2014-7952

The backup mechanism in the adb tool in Android might allow attackers to inject additional applicati

CVE-2014-8083

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote

CVE-2014-8084

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3

CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer

CVE-2014-8182

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messag

CVE-2014-9190

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and

CVE-2014-9277

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.

CVE-2014-9389

Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attac

CVE-2014-9427

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x thro

CVE-2014-9428

The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. impleme

CVE-2014-9440

SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute a

CVE-2014-9445

SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remo

CVE-2014-9448

Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execut

CVE-2014-9450

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0

CVE-2014-9451

Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENS

CVE-2014-9455

SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote atta

CVE-2014-9456

Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Tim

CVE-2014-9458

Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote att

CVE-2014-9495

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before

CVE-2014-9509

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and

CVE-2014-9519

SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attack

CVE-2014-9520

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote atta

CVE-2014-9521

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, w

CVE-2014-9528

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/contr

CVE-2015-10012

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.

CVE-2015-10025

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affec

CVE-2015-10038

A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulne

CVE-2015-10039

A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is

CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before

CVE-2015-2298

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain s

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping a

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade

CVE-2015-3888

Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls t

CVE-2015-4553

A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.

CVE-2015-9250

An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview

CVE-2016-0324

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-

CVE-2016-0327

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-

CVE-2016-0335

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appl

CVE-2016-10096

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to exec

CVE-2016-10097

XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Manag

CVE-2016-10403

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed

CVE-2016-5311

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Back

CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec

CVE-2016-6591

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if applicat

CVE-2016-6593

A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Acces

CVE-2016-7576

In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed throu

CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.

CVE-2017-0846

An information disclosure vulnerability in the Android framework (clipboardservice). Product: Androi

CVE-2017-0855

In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up int

CVE-2017-0869

NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and poss

CVE-2017-1000412

Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bell

CVE-2017-1000418

The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows

CVE-2017-1000419

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attack

CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file o

CVE-2017-1000422

Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw funct

CVE-2017-1000432

Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums

CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This

CVE-2017-1000438

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now p

CVE-2017-1000448

Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in th

CVE-2017-1000450

In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the i

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child

CVE-2017-1000452

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Expr

CVE-2017-1000454

CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core component

CVE-2017-1000456

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to over

CVE-2017-1000470

EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the H

CVE-2017-1000473

Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way m

CVE-2017-1000477

XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.

CVE-2017-1000479

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resul

CVE-2017-1000485

Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obta

CVE-2017-1000494

Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd

CVE-2017-1000496

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resultin

CVE-2017-1000498

AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in deni

CVE-2017-1000499

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a

CVE-2017-11003

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-11066

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-11069

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-11080

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-11081

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-12169

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System

CVE-2017-12189

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platfor

CVE-2017-12622

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user con

CVE-2017-12695

An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS

CVE-2017-13176

In the parseURL function of URLStreamHandler, there is improper input validation of the host field.

CVE-2017-13180

In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use af

CVE-2017-13181

In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to no

CVE-2017-13182

In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to

CVE-2017-13183

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free

CVE-2017-13184

In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyn

CVE-2017-13186

A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters.

CVE-2017-13189

A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocatio

CVE-2017-13190

A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory all

CVE-2017-13191

In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete fra

CVE-2017-13192

In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero aft

CVE-2017-13193

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resoluti

CVE-2017-13194

A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android

CVE-2017-13195

In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negati

CVE-2017-13196

In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could l

CVE-2017-13197

In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could

CVE-2017-13198

A vulnerability in the Android media framework (ex) related to composition of frames lacking a color

CVE-2017-13199

In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a jav

CVE-2017-13200

An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchro

CVE-2017-13201

An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android.

CVE-2017-13202

An information disclosure vulnerability in the Android media framework (libeffects). Product: Androi

CVE-2017-13206

An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. V

CVE-2017-13207

An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Pr

CVE-2017-13209

In the ServiceManager::add function in the hardware service manager, there is an insecure permission

CVE-2017-13210

In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write

CVE-2017-13211

In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large

CVE-2017-13212

An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions

CVE-2017-13213

An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: A

CVE-2017-13214

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote

CVE-2017-13215

A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions:

CVE-2017-13216

In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when access

CVE-2017-13217

In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without

CVE-2017-13219

A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product:

CVE-2017-13220

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: An

CVE-2017-13221

An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versio

CVE-2017-13222

An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: A

CVE-2017-13225

In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation

CVE-2017-13226

An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android ker

CVE-2017-13887

In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hiberna

CVE-2017-13888

In iOS before 11.2, a type confusion issue was addressed with improved memory handling.

CVE-2017-14030

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerab

CVE-2017-14454

Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the 'c

CVE-2017-14869

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-14870

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-14873

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-14879

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-14960

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP

CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an

CVE-2017-15131

It was found that system umask policy is not being honored when creating XDG user directories, since

CVE-2017-15401

A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebA

CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in

CVE-2017-15404

An ability to process crash dumps under root privileges and inappropriate symlinks handling could le

CVE-2017-15405

Inappropriate symlink handling and a race condition in the stateful recovery feature implementation

CVE-2017-15428

Insufficient data validation in V8 builtins string generator could lead to out of bounds read and wr

CVE-2017-15613

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15614

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15615

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15616

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15617

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15618

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15619

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15620

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15621

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15622

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15623

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15624

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15625

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15626

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15627

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15628

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15629

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15631

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15632

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15633

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15634

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15635

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15636

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15637

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma

CVE-2017-15662

In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vul

CVE-2017-15663

In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vu

CVE-2017-15664

In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service v

CVE-2017-15665

In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulner

CVE-2017-15845

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-15847

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-15848

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-15849

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-15850

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-1612

IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted

CVE-2017-16256

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16257

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16258

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16259

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16260

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16261

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16262

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-1666

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection

CVE-2017-1671

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directo

CVE-2017-1672

IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could

CVE-2017-16736

An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versi

CVE-2017-16737

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-cr

CVE-2017-16739

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-craf

CVE-2017-16886

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services

CVE-2017-17662

Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to rea

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS comm

CVE-2017-18009

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature

CVE-2017-18019

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficie

CVE-2017-18020

On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers ca

CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --d

CVE-2017-18141

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure moni

CVE-2017-18320

QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdra

CVE-2017-18328

Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MD

CVE-2017-18329

Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wea

CVE-2017-18330

Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile

CVE-2017-20161

A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the functi

CVE-2017-20165

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects

CVE-2017-3765

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter produc

CVE-2017-4949

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6

CVE-2017-4950

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when I

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contai

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the securi

CVE-2017-9663

An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shangh

CVE-2017-9689

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-9705

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-9712

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-9795

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s

CVE-2017-9966

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise vers

CVE-2018-0005

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forwa

CVE-2018-0012

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated

CVE-2018-0103

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Forma

CVE-2018-0114

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthentica

CVE-2018-0461

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote at

CVE-2018-0474

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could

CVE-2018-0625

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a

CVE-2018-0626

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a

CVE-2018-0627

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a

CVE-2018-0628

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a

CVE-2018-0629

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0630

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0631

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0632

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to ex

CVE-2018-0633

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to ex

CVE-2018-0634

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0635

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0636

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0637

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0638

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0639

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS

CVE-2018-0640

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to e

CVE-2018-0641

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to e

CVE-2018-0667

Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer

CVE-2018-0676

BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypas

CVE-2018-0689

HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions

CVE-2018-0702

Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delet

CVE-2018-0703

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delet

CVE-2018-0704

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delet

CVE-2018-0743

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server,

CVE-2018-0744

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 160

CVE-2018-0748

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Win

CVE-2018-0749

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Se

CVE-2018-0751

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511,

CVE-2018-0752

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511,

CVE-2018-0758

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke

CVE-2018-0762

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Window

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7

CVE-2018-0768

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the

CVE-2018-0769

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke

CVE-2018-0770

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke

CVE-2018-0772

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Window

CVE-2018-0773

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the

CVE-2018-0774

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the

CVE-2018-0775

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the

CVE-2018-0776

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke

CVE-2018-0777

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke

CVE-2018-0778

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the

CVE-2018-0781

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke

CVE-2018-0784

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core

CVE-2018-0786

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Co

CVE-2018-0788

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Win

CVE-2018-0789

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Serv

CVE-2018-0790

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Serv

CVE-2018-0791

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 a

CVE-2018-0792

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the

CVE-2018-0793

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execut

CVE-2018-0794

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft

CVE-2018-0795

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio

CVE-2018-0796

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof

CVE-2018-0797

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio

CVE-2018-0798

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof

CVE-2018-0801

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof

CVE-2018-0802

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof

CVE-2018-0804

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of

CVE-2018-0805

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of

CVE-2018-0806

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of

CVE-2018-0807

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of

CVE-2018-0812

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of

CVE-2018-0818

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with anoth

CVE-2018-1000410

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier,

CVE-2018-1000412

An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and ear

CVE-2018-1000417

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and

CVE-2018-1000418

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha

CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2

CVE-2018-1000424

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 an

CVE-2018-1000425

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8

CVE-2018-10465

Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with acc

CVE-2018-11009

A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

CVE-2018-11010

A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.

CVE-2018-11246

K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.

CVE-2018-12177

Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software b

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComple

CVE-2018-15453

A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verifica

CVE-2018-15458

A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when

CVE-2018-15460

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Sec

CVE-2018-15490

An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service wit

CVE-2018-16065

A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.349

CVE-2018-16071

A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten

CVE-2018-16076

Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to p

CVE-2018-16081

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3

CVE-2018-16083

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497

CVE-2018-16085

A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote atta

CVE-2018-16166

LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks v

CVE-2018-16169

Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Jav

CVE-2018-16170

Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote

CVE-2018-16171

Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to

CVE-2018-16175

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administra

CVE-2018-16176

Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote a

CVE-2018-16177

Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify modul

CVE-2018-16178

Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view informati

CVE-2018-16182

Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an

CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Wind

CVE-2018-16185

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display

CVE-2018-16186

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display

CVE-2018-16194

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm

CVE-2018-16195

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm

CVE-2018-16196

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 -

CVE-2018-16198

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier m

CVE-2018-16200

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier a

CVE-2018-16201

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier u

CVE-2018-16202

Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not inclu

CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory

CVE-2018-16865

An allocation of memory without limits, that could result in the stack clashing with another memory

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted inter

CVE-2018-17188

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the d

CVE-2018-17457

An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior

CVE-2018-17458

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3

CVE-2018-17461

An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to

CVE-2018-17470

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who h

CVE-2018-18098

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows

CVE-2018-18264

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Ser

CVE-2018-1888

An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windo

CVE-2018-19249

The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.st

CVE-2018-19418

Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lac

CVE-2018-19994

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remo

CVE-2018-19998

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated u

CVE-2018-20065

Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to

CVE-2018-20066

Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote att

CVE-2018-20131

The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permiss

CVE-2018-20166

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows

CVE-2018-20211

ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exifto

CVE-2018-20309

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition r

CVE-2018-20310

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c

CVE-2018-20311

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race

CVE-2018-20312

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c

CVE-2018-20313

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction r

CVE-2018-20314

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence ra

CVE-2018-20315

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that

CVE-2018-20316

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c

CVE-2018-20657

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.

CVE-2018-20658

The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial o

CVE-2018-20679

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consume

CVE-2018-20683

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync comman

CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary

CVE-2018-2360

SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functio

CVE-2018-2361

In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) co

CVE-2018-2363

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52,

CVE-2018-25062

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. A

CVE-2018-3703

Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows be

CVE-2018-3814

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the 'Assets->Uploa

CVE-2018-4012

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webro

CVE-2018-4180

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improve

CVE-2018-4182

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restricti

CVE-2018-4183

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restricti

CVE-2018-4185

In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an i

CVE-2018-4186

In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari P

CVE-2018-4194

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Wi

CVE-2018-4207

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef

CVE-2018-4208

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef

CVE-2018-4209

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef

CVE-2018-4210

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 f

CVE-2018-4212

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef

CVE-2018-4213

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef

CVE-2018-4217

In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was a

CVE-2018-4262

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iClo

CVE-2018-4277

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sie

CVE-2018-4330

In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling

CVE-2018-4404

In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was ad

CVE-2018-4862

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit p

CVE-2018-4871

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerabili

CVE-2018-5079

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5080

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5081

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5082

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5083

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5084

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5085

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5086

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5087

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5088

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5189

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer ove

CVE-2018-5197

A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform Ac

CVE-2018-5205

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

CVE-2018-5207

When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the

CVE-2018-5210

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet

CVE-2018-5217

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se

CVE-2018-5218

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se

CVE-2018-5219

In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se

CVE-2018-5220

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se

CVE-2018-5221

Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow re

CVE-2018-5253

The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted

CVE-2018-5259

Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restri

CVE-2018-5266

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive infor

CVE-2018-5270

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5271

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5272

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5273

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5274

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5275

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5276

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5277

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5279

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia

CVE-2018-5282

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserN

CVE-2018-5283

The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets

CVE-2018-5285

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.

CVE-2018-5287

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5289

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5290

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5291

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5298

In the Procter & Gamble 'Oral-B App' (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES

CVE-2018-5308

PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write functio

CVE-2018-5326

Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified 'older' Android platforms, all

CVE-2018-5327

Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified 'older' Andr

CVE-2018-5332

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that

CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could

CVE-2018-5344

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which

CVE-2018-5345

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attacker

CVE-2018-5361

The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.

CVE-2018-5368

The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/op

CVE-2018-5371

diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices w

CVE-2018-5372

The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php

CVE-2018-5373

The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid p

CVE-2018-5374

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.ph

CVE-2018-5403

Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Logi

CVE-2018-5410

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow i

CVE-2018-5412

Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping se

CVE-2018-5413

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login key

CVE-2018-5481

OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure

CVE-2018-5656

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via

CVE-2018-5658

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists

CVE-2018-5669

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admi

CVE-2018-5673

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin

CVE-2018-6056

Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.16

CVE-2018-6084

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359

CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.11

CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.

CVE-2018-6120

An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in

CVE-2018-6124

Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote a

CVE-2018-6126

A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfor

CVE-2018-6139

Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.339

CVE-2018-6140

Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.

CVE-2018-6141

Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a

CVE-2018-6144

Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfo

CVE-2018-6151

Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed a

CVE-2018-6153

A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had c

CVE-2018-6158

A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to poten

CVE-2018-6162

Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote att

CVE-2018-6170

A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially

CVE-2018-6174

Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote

CVE-2018-7794

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580

CVE-2018-8044

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impa

CVE-2018-8724

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impa

CVE-2018-8725

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is:

CVE-2018-8726

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: ex

CVE-2018-9332

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The im

CVE-2018-9333

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: ex

CVE-2019-0088

Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow

CVE-2019-0542

A remote code execution vulnerability exists in Xterm.js when the component mishandles special chara

CVE-2019-10775

ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an a

CVE-2019-11745

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than

CVE-2019-11756

Improper refcounting of soft token session objects could cause a use-after-free and crash (likely li

CVE-2019-11757

When following the value's prototype chain, it was possible to retain a reference to a locale, delet

CVE-2019-11758

Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total S

CVE-2019-11759

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored o

CVE-2019-11760

A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a

CVE-2019-11764

Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firef

CVE-2019-11993

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10,

CVE-2019-13767

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who

CVE-2019-13768

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potent

CVE-2019-14301

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).

CVE-2019-14306

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).

CVE-2019-14819

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using C

CVE-2019-14843

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests fo

CVE-2019-14866

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archi

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root

CVE-2019-15977

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM

CVE-2019-15978

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC

CVE-2019-15979

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC

CVE-2019-15980

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of

CVE-2019-15981

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of

CVE-2019-15982

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of

CVE-2019-15984

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC

CVE-2019-15985

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of <ol> elements it could process;

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in

CVE-2019-17009

When running, the updater service wrote status and log files to an unrestricted location; potentiall

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientati

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a rac

CVE-2019-17012

Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of t

CVE-2019-17013

Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evid

CVE-2019-17014

If an image had not loaded correctly (such as when it is not actually an image), it could be dragged

CVE-2019-17015

During the initialization of a new content process, a pointer offset can be manipulated leading to m

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting i

CVE-2019-17019

When Python was installed on Windows, a python file being served with the MIME type of text/plain co

CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of t

CVE-2019-17025

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evid

CVE-2019-17147

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP

CVE-2019-17148

This vulnerability allows local attackers to escalate privileges on affected installations of Parall

CVE-2019-18194

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NT

CVE-2019-18386

Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and

CVE-2019-18625

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature b

CVE-2019-19261

GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.

CVE-2019-19313

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were ma

CVE-2019-19314

GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.

CVE-2019-19475

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated Postgre

CVE-2019-19494

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allow

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system co

CVE-2019-19544

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setu

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconf

CVE-2019-19629

In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a privat

CVE-2019-19820

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Securit

CVE-2019-19911

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range fu

CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving e

CVE-2019-20004

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is cha

CVE-2019-20155

An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Mana

CVE-2019-20205

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.

CVE-2019-20213

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUT

CVE-2019-20218

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing

CVE-2019-20219

ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.

CVE-2019-20224

netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to

CVE-2019-20329

OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP por

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulner

CVE-2019-20352

In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file)

CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authent

CVE-2019-20362

In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can

CVE-2019-20374

A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81

CVE-2019-20484

An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download

CVE-2019-3494

Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and pass

CVE-2019-3574

In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file l

CVE-2019-3575

Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text ar

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the

CVE-2019-3581

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remo

CVE-2019-3803

Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login

CVE-2019-4508

IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be de

CVE-2019-4728

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and

CVE-2019-5007

An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds

CVE-2019-5009

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension 'php3' in the logo upload

CVE-2019-5063

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functiona

CVE-2019-5064

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functiona

CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could se

CVE-2019-5488

EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consum

CVE-2019-5887

An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input

CVE-2019-5987

Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated att

CVE-2019-5990

Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtai

CVE-2019-6126

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers t

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injectio

CVE-2019-6128

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rg

CVE-2019-6132

An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::Creat

CVE-2019-6135

An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory

CVE-2019-6136

An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethe

CVE-2019-6137

An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NUL

CVE-2019-6138

An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_mem

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that

CVE-2019-6245

An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the

CVE-2019-6247

An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-

CVE-2019-6319

HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3

CVE-2019-6320

Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B

CVE-2019-6854

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Exp

CVE-2019-6855

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14

CVE-2019-6856

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580

CVE-2019-6857

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580

CVE-2020-0001

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. Th

CVE-2020-0002

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after f

CVE-2020-10657

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a

CVE-2020-11263

An integer overflow due to improper check performed after the address and size passed are aligned in

CVE-2020-13449

A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an atta

CVE-2020-13539

An exploitable local privilege elevation vulnerability exists in the file system permissions of the

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the

CVE-2020-13541

An exploitable local privilege elevation vulnerability exists in the file system permissions of the

CVE-2020-13544

An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality o

CVE-2020-13545

An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionalit

CVE-2020-13559

A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-6087

CVE-2020-13573

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automat

CVE-2020-14274

Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4

CVE-2020-16013

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker

CVE-2020-16015

Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacke

CVE-2020-16019

Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowe

CVE-2020-16020

Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowe

CVE-2020-16021

Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker wh

CVE-2020-16022

Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remot

CVE-2020-16023

Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to pote

CVE-2020-16026

Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potenti

CVE-2020-16028

Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to p

CVE-2020-16029

Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attac

CVE-2020-16035

Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowe

CVE-2020-16037

Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to pote

CVE-2020-16038

Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to

CVE-2020-16039

Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to pot

CVE-2020-16041

Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker wh

CVE-2020-16043

Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote

CVE-2020-16146

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through

CVE-2020-17502

Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administ

CVE-2020-17503

The NDN-210 has a web administration panel which is made available over https. There is a command in

CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command in

CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgra

CVE-2020-17509

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled

CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack

CVE-2020-17534

There exists a race condition between the deletion of the temporary file and the creation of the tem

CVE-2020-1871

USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500;

CVE-2020-1925

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL fr

CVE-2020-22550

Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allo

CVE-2020-23026

A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of servi

CVE-2020-23630

A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).

CVE-2020-23960

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3

CVE-2020-24577

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The

CVE-2020-2508

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this

CVE-2020-25275

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an applicatio

CVE-2020-26050

SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low pr

CVE-2020-26118

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introdu

CVE-2020-26181

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a p

CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to

CVE-2020-26773

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which a

CVE-2020-26971

Certain blit values provided by the user were not properly constrained leading to a heap buffer over

CVE-2020-26973

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. Thi

CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrec

CVE-2020-26980

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26982

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26983

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26984

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26985

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26986

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26987

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26988

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26989

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers

CVE-2020-26990

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A

CVE-2020-26991

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A

CVE-2020-26992

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26993

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26994

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26995

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-26996

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All

CVE-2020-27059

In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesti

CVE-2020-27148

The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight

CVE-2020-27275

Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while p

CVE-2020-27277

Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while proc

CVE-2020-27279

A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker co

CVE-2020-27281

A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 a

CVE-2020-27287

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while

CVE-2020-27289

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while pr

CVE-2020-27291

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while

CVE-2020-27293

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing p

CVE-2020-27844

A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier che

CVE-2020-28381

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2

CVE-2020-28382

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2

CVE-2020-28383

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers

CVE-2020-28384

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2

CVE-2020-28386

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2

CVE-2020-28672

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code exec

CVE-2020-28679

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 145

CVE-2020-28851

In x/text in Go 1.15.4, an 'index out of range' panic occurs in language.ParseAcceptLanguage while p

CVE-2020-28852

In x/text in Go before v0.3.5, a 'slice bounds out of range' panic occurs in language.ParseAcceptLan

CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction

CVE-2020-29478

CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup U

CVE-2020-29491

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A r

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then 'Open'-ed it from the download

CVE-2020-35113

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of t

CVE-2020-35114

Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evid

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call 'crm histor

CVE-2020-35483

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write

CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers

CVE-2020-35653

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because th

CVE-2020-35654

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr file

CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.p

CVE-2020-35745

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php

CVE-2020-35962

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring

CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it doe

CVE-2020-35965

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in cal

CVE-2020-36048

Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a PO

CVE-2020-36049

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via

CVE-2020-36051

Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read

CVE-2020-36066

GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.

CVE-2020-36067

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out

CVE-2020-36154

The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Every

CVE-2020-36156

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated

CVE-2020-36160

An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL li

CVE-2020-36161

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on

CVE-2020-36162

An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent le

CVE-2020-36163

An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes usin

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation throug

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543

CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows

CVE-2020-36169

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processe

CVE-2020-36176

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg

CVE-2020-4079

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, whe

CVE-2020-4762

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and

CVE-2020-4898

IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms t

CVE-2020-4912

IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the us

CVE-2020-4917

IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker t

CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery whi

CVE-2020-5018

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increa

CVE-2020-5146

A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS c

CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrar

CVE-2020-5183

FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a speci

CVE-2020-5192

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilitie

CVE-2020-5204

In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is ca

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to real

CVE-2020-5313

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

CVE-2020-5361

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that i

CVE-2020-5395

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.

CVE-2020-5496

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesa

CVE-2020-5511

PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when loggi

CVE-2020-5804

Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEv

CVE-2020-5805

In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30

CVE-2020-5956

An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 befo

CVE-2020-6167

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF a

CVE-2020-6168

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenti

CVE-2020-6377

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potenti

CVE-2020-6609

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

CVE-2020-6612

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c

CVE-2020-6613

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

CVE-2020-6614

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVE-2020-6617

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.

CVE-2020-6618

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.

CVE-2020-6619

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.

CVE-2020-6620

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.

CVE-2020-6621

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.

CVE-2020-6622

stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.

CVE-2020-6623

stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.

CVE-2020-6624

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.

CVE-2020-6625

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gp

CVE-2020-6628

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in dec

CVE-2020-6655

The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code exec

CVE-2020-6656

Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote

CVE-2020-6757

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authe

CVE-2020-8884

rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent)

CVE-2020-9057

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, al

CVE-2020-9058

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but l

CVE-2021-0303

In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObse

CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when u

CVE-2021-0307

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic run

CVE-2021-0310

In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a

CVE-2021-0313

In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to i

CVE-2021-0315

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user

CVE-2021-0317

In createOrUpdate of Permission.java and related code, there is possible permission escalation due t

CVE-2021-0318

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write d

CVE-2021-0319

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nea

CVE-2021-1051

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy

CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kerne

CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer

CVE-2021-1057

NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which

CVE-2021-1058

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in wh

CVE-2021-1059

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not vali

CVE-2021-1060

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in wh

CVE-2021-1062

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is no

CVE-2021-1063

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not val

CVE-2021-1064

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an

CVE-2021-1065

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validate

CVE-2021-1573

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an

CVE-2021-1638

Microsoft is aware of the &quot;Impersonation in the Passkey Entry Protocol&quot; vulnerability. For

CVE-2021-1642

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVE-2021-1643

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2021-1644

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability

CVE-2021-1648

Microsoft splwow64 Elevation of Privilege Vulnerability

CVE-2021-1649

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1650

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVE-2021-1651

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1652

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1653

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1654

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1655

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1657

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1658

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1659

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1660

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1661

Windows Installer Elevation of Privilege Vulnerability

CVE-2021-1662

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-1664

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1666

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1667

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1668

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

CVE-2021-1669

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2021-1671

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1673

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1674

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

CVE-2021-1680

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1681

Windows WalletService Elevation of Privilege Vulnerability

CVE-2021-1685

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVE-2021-1686

Windows WalletService Elevation of Privilege Vulnerability

CVE-2021-1687

Windows WalletService Elevation of Privilege Vulnerability

CVE-2021-1688

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1689

Windows Multipoint Management Elevation of Privilege Vulnerability

CVE-2021-1690

Windows WalletService Elevation of Privilege Vulnerability

CVE-2021-1693

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2021-1694

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2021-1695

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2021-1697

Windows InstallService Elevation of Privilege Vulnerability

CVE-2021-1700

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1701

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2021-1702

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVE-2021-1703

Windows Event Logging Service Elevation of Privilege Vulnerability

CVE-2021-1704

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2021-1707

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-1710

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVE-2021-1711

Microsoft Office Remote Code Execution Vulnerability

CVE-2021-1712

Microsoft SharePoint Elevation of Privilege Vulnerability

CVE-2021-1719

Microsoft SharePoint Elevation of Privilege Vulnerability

CVE-2021-1723

ASP.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1894

Improper access control in TrustZone due to improper error handling while handling the signing key i

CVE-2021-20046

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote aut

CVE-2021-20048

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti

CVE-2021-21112

Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potenti

CVE-2021-21113

Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to po

CVE-2021-21114

Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potenti

CVE-2021-21116

Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to p

CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator

CVE-2021-21241

The Python 'Flask-Security-Too' package is used for adding security features to your Flask applicati

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app

CVE-2021-21446

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacke

CVE-2021-21449

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr

CVE-2021-21450

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received fr

CVE-2021-21451

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received fr

CVE-2021-21452

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received fr

CVE-2021-21453

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received fr

CVE-2021-21454

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received fr

CVE-2021-21455

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr

CVE-2021-21456

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr

CVE-2021-21457

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr

CVE-2021-21458

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr

CVE-2021-21459

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr

CVE-2021-21460

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr

CVE-2021-21461

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received fr

CVE-2021-21462

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr

CVE-2021-21463

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr

CVE-2021-21466

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versi

CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been t

CVE-2021-21495

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?aca

CVE-2021-22045

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Works

CVE-2021-23154

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenat

CVE-2021-23218

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Hand

CVE-2021-23240

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain f

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb

CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a

CVE-2021-24893

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing subm

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery para

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap

CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par

CVE-2021-25051

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl

CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to

CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(

CVE-2021-25054

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us

CVE-2021-25994

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a vict

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an atta

CVE-2021-26398

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL

CVE-2021-26402

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox comm

CVE-2021-26409

Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memo

CVE-2021-27738

All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordin

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app

CVE-2021-3004

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Eth

CVE-2021-3006

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum

CVE-2021-3019

ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credential

CVE-2021-3025

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST AP

CVE-2021-30262

Improper validation of a socket state when socket events are being sent to clients can lead to inval

CVE-2021-30267

Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in

CVE-2021-30268

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture c

CVE-2021-30269

Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdra

CVE-2021-30270

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation

CVE-2021-30271

Possible null pointer dereference in trap handler due to lack of thread ID validation before derefer

CVE-2021-30272

Possible null pointer dereference in thread cache operation handler due to lack of validation of use

CVE-2021-30273

Possible assertion due to improper handling of IPV6 packet with invalid length in destination option

CVE-2021-30274

Possible integer overflow in access control initialization interface due to lack and size and addres

CVE-2021-30275

Possible integer overflow in page alignment interface due to lack of address and size validation bef

CVE-2021-30276

Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access

CVE-2021-30279

Possible access control violation while setting current permission for VMIDs due to improper permiss

CVE-2021-30282

Possible out of bound write in RAM partition table due to improper validation on number of partition

CVE-2021-30289

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX managem

CVE-2021-30293

Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdr

CVE-2021-30298

Possible out of bound access due to improper validation of item size and DIAG memory pools data whil

CVE-2021-30303

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received i

CVE-2021-30335

Possible assertion in QOS request due to improper validation when multiple add or update request are

CVE-2021-30336

Possible out of bound read due to lack of domain input validation while processing APK close session

CVE-2021-30337

Possible use after free when process shell memory is freed using IOCTL call and process initializati

CVE-2021-30360

Users have access to the directory where the installation repair occurs. Since the MS Installer allo

CVE-2021-30558

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 al

CVE-2021-3116

before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts inco

CVE-2021-3121

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain i

CVE-2021-3134

Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878.

CVE-2021-31833

Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prio

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions inclu

CVE-2021-32996

The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which caus

CVE-2021-32998

The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may a

CVE-2021-34086

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and U

CVE-2021-34087

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and U

CVE-2021-34704

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an

CVE-2021-34797

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive in

CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds inf

CVE-2021-36409

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8

CVE-2021-36412

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_

CVE-2021-36414

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows

CVE-2021-36417

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get func

CVE-2021-37098

Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vul

CVE-2021-37110

There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may aff

CVE-2021-37111

There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability

CVE-2021-37113

There is a Privilege escalation vulnerability with the file system component in Smartphone.Successfu

CVE-2021-37117

There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability m

CVE-2021-37119

There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability m

CVE-2021-37125

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Succe

CVE-2021-37126

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Succe

CVE-2021-37133

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vu

CVE-2021-37134

Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerab

CVE-2021-37197

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C

CVE-2021-37198

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C

CVE-2021-3842

nltk is vulnerable to Inefficient Regular Expression Complexity

CVE-2021-3845

ws-scrcpy is vulnerable to External Control of File Name or Path

CVE-2021-3852

growi is vulnerable to Authorization Bypass Through User-Controlled Key

CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This

CVE-2021-38918

IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management

CVE-2021-38921

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithm

CVE-2021-38957

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazar

CVE-2021-38990

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in

CVE-2021-38991

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili

CVE-2021-39143

Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerabilit

CVE-2021-39966

There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulner

CVE-2021-39967

There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast per

CVE-2021-39968

Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulne

CVE-2021-39969

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vu

CVE-2021-39970

HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerab

CVE-2021-39971

Password vault has a External Control of System or Configuration Setting vulnerability.Successful ex

CVE-2021-39972

MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successf

CVE-2021-39973

There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may

CVE-2021-39974

There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affe

CVE-2021-39975

Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability m

CVE-2021-39977

The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this

CVE-2021-39978

Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerabilit

CVE-2021-39983

The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this v

CVE-2021-39984

Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerabil

CVE-2021-39985

The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitati

CVE-2021-39987

The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this v

CVE-2021-39988

The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this

CVE-2021-39989

The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerabili

CVE-2021-39998

There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExServi

CVE-2021-40000

The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne

CVE-2021-40002

The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne

CVE-2021-40004

The cellular module has a vulnerability in permission management. Successful exploitation of this vu

CVE-2021-40005

The distributed data service component has a vulnerability in data access control. Successful exploi

CVE-2021-40011

There is an uncontrolled resource consumption vulnerability in the display module. Successful exploi

CVE-2021-40014

The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitatio

CVE-2021-40018

The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerabi

CVE-2021-40020

There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Su

CVE-2021-40021

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulne

CVE-2021-40022

The weaver module has a vulnerability in parameter type verification,Successful exploitation of this

CVE-2021-40025

The eID module has a vulnerability that causes the memory to be used without being initialized,Succe

CVE-2021-40026

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exp

CVE-2021-40027

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of

CVE-2021-40028

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulne

CVE-2021-40029

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m

CVE-2021-40031

There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex

CVE-2021-40032

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this v

CVE-2021-40035

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m

CVE-2021-40038

There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of th

CVE-2021-40039

There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex

CVE-2021-40110

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands t

CVE-2021-40148

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This coul

CVE-2021-40341

DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt us

CVE-2021-40342

In the DES implementation, the affected product versions use a default key for encryption. Successf

CVE-2021-40367

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks

CVE-2021-4080

crater is vulnerable to Unrestricted Upload of File with Dangerous Type

CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implement

CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. Th

CVE-2021-41597

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the Upgrad

CVE-2021-41769

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions <

CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affe

CVE-2021-42028

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks

CVE-2021-42559

An issue was discovered in CALDERA 2.8.1. It contains multiple startup 'requirements' that execute c

CVE-2021-42560

An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded 'SVG' parameter

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized na

CVE-2021-42562

An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting

CVE-2021-4299

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnera

CVE-2021-43045

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, p

CVE-2021-4305

A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by

CVE-2021-43052

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Devel

CVE-2021-43053

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Devel

CVE-2021-43054

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Deve

CVE-2021-43055

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Deve

CVE-2021-4306

A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affect

CVE-2021-43579

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execut

CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially craf

CVE-2021-43860

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1

CVE-2021-43947

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote

CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a r

CVE-2021-43999

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity pr

CVE-2021-44024

A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Tren

CVE-2021-44158

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation f

CVE-2021-44168

A download of code without integrity check vulnerability in the 'execute restore src-vis' command of

CVE-2021-44351

An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php i

CVE-2021-44564

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub

CVE-2021-44586

An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download

CVE-2021-44648

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw

CVE-2021-44650

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating

CVE-2021-44651

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updat

CVE-2021-44652

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file over

CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the

CVE-2021-44852

An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity pro

CVE-2021-44878

If an OpenID Connect provider supports the 'none' algorithm (i.e., tokens with no signature), pac4j

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.

CVE-2021-45034

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.

CVE-2021-45115

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAt

CVE-2021-45116

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to

CVE-2021-45231

A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and T

CVE-2021-45440

A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Se

CVE-2021-45441

A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a loc

CVE-2021-45442

A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on pre

CVE-2021-45445

Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.

CVE-2021-45457

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their p

CVE-2021-45460

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is starte

CVE-2021-45465

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks

CVE-2021-45856

Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the

CVE-2021-45912

An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentia

CVE-2021-45913

A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attack

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function

CVE-2021-45969

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 befor

CVE-2021-45970

An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before

CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 bef

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value insi

CVE-2021-45978

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary cod

CVE-2021-45979

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary cod

CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary cod

CVE-2021-46075

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0.

CVE-2021-46076

Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can u

CVE-2021-46079

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System

CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_gro

CVE-2021-46147

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

CVE-2021-46149

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

CVE-2021-46164

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated u

CVE-2021-46165

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from

CVE-2022-0015

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent th

CVE-2022-0121

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2022-0132

peertube is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2022-0144

shelljs is vulnerable to Improper Privilege Management

CVE-2022-0196

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2022-0197

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2022-20012

In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to

CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resu

CVE-2022-20619

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9

CVE-2022-2081

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above.

CVE-2022-2155

A vulnerability exists in the affected versions of Lumada APM’s User Asset Group featuredue to a f

CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL inje

CVE-2022-21646

SpiceDB is a database system for managing security-critical application permissions. Any user making

CVE-2022-21652

Shopware is an open source e-commerce software platform. In affected versions shopware would not inv

CVE-2022-21653

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.type

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21666

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions

CVE-2022-21667

soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests wh

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2

CVE-2022-21669

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly

CVE-2022-21675

Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to

CVE-2022-21676

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communi

CVE-2022-21833

Virtual Machine IDE Drive Elevation of Privilege Vulnerability

CVE-2022-21834

Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability

CVE-2022-21835

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2022-21837

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-21838

Windows Cleanup Manager Elevation of Privilege Vulnerability

CVE-2022-21843

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-21848

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2022-21850

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2022-21851

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2022-21852

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2022-21857

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2022-21858

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVE-2022-21859

Windows Accounts Control Elevation of Privilege Vulnerability

CVE-2022-21860

Windows AppContracts API Server Elevation of Privilege Vulnerability

CVE-2022-21861

Task Flow Data Engine Elevation of Privilege Vulnerability

CVE-2022-21862

Windows Application Model Core API Elevation of Privilege Vulnerability

CVE-2022-21863

Windows StateRepository API Server file Elevation of Privilege Vulnerability

CVE-2022-21864

Windows UI Immersive Server API Elevation of Privilege Vulnerability

CVE-2022-21865

Connected Devices Platform Service Elevation of Privilege Vulnerability

CVE-2022-21866

Windows System Launcher Elevation of Privilege Vulnerability

CVE-2022-21867

Windows Push Notifications Apps Elevation of Privilege Vulnerability

CVE-2022-21868

Windows Devices Human Interface Elevation of Privilege Vulnerability

CVE-2022-21869

Clipboard User Service Elevation of Privilege Vulnerability

CVE-2022-21870

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

CVE-2022-21871

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

CVE-2022-21872

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2022-21873

Tile Data Repository Elevation of Privilege Vulnerability

CVE-2022-21878

Windows Geolocation Service Remote Code Execution Vulnerability

CVE-2022-21883

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2022-21884

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVE-2022-21885

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2022-21888

Windows Modern Execution Server Remote Code Execution Vulnerability

CVE-2022-21889

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2022-21890

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2022-21893

Remote Desktop Protocol Remote Code Execution Vulnerability

CVE-2022-21895

Windows User Profile Service Elevation of Privilege Vulnerability

CVE-2022-21896

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2022-21897

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-21902

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2022-21910

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability

CVE-2022-21912

DirectX Graphics Kernel Remote Code Execution Vulnerability

CVE-2022-21913

Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass

CVE-2022-21914

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2022-21916

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-21917

HEVC Video Extensions Remote Code Execution Vulnerability

CVE-2022-21919

Windows User Profile Service Elevation of Privilege Vulnerability

CVE-2022-21922

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2022-2196

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution atta

CVE-2022-22088

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response receiv

CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update fu

CVE-2022-22111

In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the a

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injec

CVE-2022-22264

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local a

CVE-2022-22265

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release

CVE-2022-22285

A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12

CVE-2022-22286

A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) a

CVE-2022-22288

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installatio

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able

CVE-2022-23117

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents

CVE-2022-23506

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes

CVE-2022-23506

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes

CVE-2022-23508

Weave GitOps is a simple open source developer platform for people who want cloud native application

CVE-2022-2482

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102

CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) load

CVE-2022-2484

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed

CVE-2022-25026

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to

CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to

CVE-2022-25715

Memory corruption in display driver due to incorrect type casting while accessing the fence structur

CVE-2022-25716

Memory corruption in Multimedia Framework due to unsafe access to the data members

CVE-2022-25717

Memory corruption in display due to double free while allocating frame buffer memory

CVE-2022-25721

Memory corruption in video driver due to type confusion error during video playback

CVE-2022-25746

Memory corruption in kernel due to missing checks when updating the access rights of a memextent map

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table

CVE-2022-2588

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an o

CVE-2022-25923

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theP

CVE-2022-25926

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the send

CVE-2022-2742

Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed

CVE-2022-2743

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 a

CVE-2022-2967

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 an

CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial

CVE-2022-3159

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while pa

CVE-2022-3160

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsin

CVE-2022-3161

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF file

CVE-2022-32635

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to lo

CVE-2022-32664

In Config Manager, there is a possible command injection due to improper input validation. This coul

CVE-2022-33218

Memory corruption in Automotive due to improper input validation.

CVE-2022-33219

Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new l

CVE-2022-33266

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips

CVE-2022-33274

Memory corruption in android core due to improper validation of array index while returning feature

CVE-2022-33276

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQ

CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()

CVE-2022-33290

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed

CVE-2022-33299

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protoco

CVE-2022-33300

Memory corruption in Automotive Android OS due to improper input validation.

CVE-2022-3416

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowin

CVE-2022-3417

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, wh

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to in

CVE-2022-34344

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices,

CVE-2022-34440

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogra

CVE-2022-34441

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptogr

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to in

CVE-2022-35281

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application

CVE-2022-35401

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX

CVE-2022-35845

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection')

CVE-2022-3613

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions star

CVE-2022-36352

Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups

CVE-2022-36441

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applica

CVE-2022-36443

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator

CVE-2022-36763

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to tr

CVE-2022-36764

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to tri

CVE-2022-36765

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a in

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an im

CVE-2022-36925

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The

CVE-2022-36926

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit

CVE-2022-36927

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit

CVE-2022-36928

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party

CVE-2022-36929

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerabi

CVE-2022-36930

Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnera

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of s

CVE-2022-3715

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_tran

CVE-2022-37785

An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configura

CVE-2022-37933

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280

CVE-2022-38105

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0

CVE-2022-38393

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus

CVE-2022-3842

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who h

CVE-2022-38490

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL inj

CVE-2022-38491

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does

CVE-2022-38492

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL inje

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a

CVE-2022-38723

Gravitee API Management before 3.15.13 allows path traversal through HTML injection.

CVE-2022-38766

The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rol

CVE-2022-39040

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attack

CVE-2022-3911

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX actio

CVE-2022-39182

H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege esca

CVE-2022-3927

The affected products store both public and private key that are used to sign andprotect Custom Pa

CVE-2022-3928

Hardcoded credential is found in affected products' message queue. An attacker that manages to expl

CVE-2022-3929

Communication between the client and the server application of the affected products is partially d

CVE-2022-3977

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) f

CVE-2022-39947

A improper neutralization of special elements used in an os command ('os command injection') in Fort

CVE-2022-40201

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Bas

CVE-2022-4037

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions star

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the s

CVE-2022-40516

Memory corruption in Core due to stack-based buffer overflow.

CVE-2022-40517

Memory corruption in core due to stack-based buffer overflow

CVE-2022-40520

Memory corruption due to stack-based buffer overflow in Core

CVE-2022-40696

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custo

CVE-2022-40740

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticat

CVE-2022-40983

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A s

CVE-2022-4140

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to

CVE-2022-41613

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-B

CVE-2022-41645

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain

CVE-2022-4167

Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 p

CVE-2022-41778

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied d

CVE-2022-42271

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer

CVE-2022-42272

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer

CVE-2022-42273

NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer

CVE-2022-42274

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer

CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secure

CVE-2022-42276

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated

CVE-2022-42277

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevat

CVE-2022-42278

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write

CVE-2022-42279

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra

CVE-2022-42280

NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can ex

CVE-2022-42283

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer

CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged

CVE-2022-42286

DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service,

CVE-2022-42287

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and dow

CVE-2022-42289

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra

CVE-2022-42290

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra

CVE-2022-4237

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20

CVE-2022-4294

Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vuln

CVE-2022-42967

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode i

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file

CVE-2022-43390

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)

CVE-2022-43393

An improper check for unusual or exceptional conditions in the HTTP request processing function of Z

CVE-2022-43436

The File Upload function of EasyTest has insufficient filtering for special characters and file type

CVE-2022-43437

The Download function’s parameter of EasyTest has insufficient validation for user input. A remote a

CVE-2022-43438

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attack

CVE-2022-43448

Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier all

CVE-2022-4351

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation Lice

CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation Lice

CVE-2022-43519

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-4352

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-43520

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43521

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43522

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43523

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43530

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut

CVE-2022-43531

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut

CVE-2022-43533

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance

CVE-2022-43534

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance

CVE-2022-43535

A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows inst

CVE-2022-43536

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti

CVE-2022-43537

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti

CVE-2022-4355

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4356

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4358

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4359

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-43591

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A spe

CVE-2022-4360

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-43662

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack

CVE-2022-4370

The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet

CVE-2022-4371

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4372

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4373

The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b

CVE-2022-4378

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain

CVE-2022-4379

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux ker

CVE-2022-43844

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access con

CVE-2022-43920

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated us

CVE-2022-43932

Improper neutralization of special elements in output used by a downstream component ('Injection') v

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware

CVE-2022-43971

An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Conne

CVE-2022-43972

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with

CVE-2022-43973

An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router wit

CVE-2022-44036

In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file uploa

CVE-2022-4428

support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation whic

CVE-2022-44534

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allo

CVE-2022-44535

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allo

CVE-2022-44939

Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability vi

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for ch

CVE-2022-45093

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate

CVE-2022-45094

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate

CVE-2022-45126

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not e

CVE-2022-45165

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application

CVE-2022-45354

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor

CVE-2022-45793

Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-au

CVE-2022-45794

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may

CVE-2022-45867

MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authentic

CVE-2022-46081

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from cont

CVE-2022-46163

Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensi

CVE-2022-46177

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection

CVE-2022-46306

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for

CVE-2022-4636

Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002

CVE-2022-46360

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allo

CVE-2022-46367

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may

CVE-2022-46368

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unau

CVE-2022-46370

Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing i

CVE-2022-46372

Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified in

CVE-2022-46449

An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) v

CVE-2022-46463

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private ima

CVE-2022-46472

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id p

CVE-2022-46610

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload func

CVE-2022-46623

Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the use

CVE-2022-46721

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a

CVE-2022-4696

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_S

CVE-2022-4700

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4701

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4703

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4704

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-47083

A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows auth

CVE-2022-47087

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function

CVE-2022-47088

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.

CVE-2022-47089

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_intern

CVE-2022-47091

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub functi

CVE-2022-47092

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_

CVE-2022-47093

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:47

CVE-2022-47094

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts

CVE-2022-47095

GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension f

CVE-2022-47317

Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtai

CVE-2022-4743

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_

CVE-2022-47634

M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrativ

CVE-2022-47653

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels funct

CVE-2022-47654

GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_intern

CVE-2022-47655

Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>

CVE-2022-47656

GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_intern

CVE-2022-47657

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_ex

CVE-2022-47658

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_

CVE-2022-47659

GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data

CVE-2022-47660

GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c

CVE-2022-47661

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:

CVE-2022-47663

GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/re

CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker

CVE-2022-47915

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a

CVE-2022-47935

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All version

CVE-2022-47965

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a

CVE-2022-47967

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contai

CVE-2022-48217

The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control

CVE-2022-48256

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2

CVE-2022-4869

A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This

CVE-2022-4871

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulne

CVE-2022-4879

A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. A

CVE-2023-0022

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker

CVE-2023-0029

A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated a

CVE-2023-0035

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an a

CVE-2023-0036

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authent

CVE-2023-0046

Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius

CVE-2023-0048

Code Injection in GitHub repository lirantal/daloradius prior to master-branch.

CVE-2023-0049

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

CVE-2023-0051

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.

CVE-2023-0054

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

CVE-2023-0088

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions

CVE-2023-0113

A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic.

CVE-2023-0128

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remot

CVE-2023-0129

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker

CVE-2023-0134

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a u

CVE-2023-0135

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a u

CVE-2023-0136

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74

CVE-2023-0137

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a

CVE-2023-0138

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote atta

CVE-2023-0247

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

CVE-2023-0437

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached

CVE-2023-21524

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CVE-2023-21531

Azure Service Fabric Container Elevation of Privilege Vulnerability

CVE-2023-21535

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2023-21537

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2023-21539

Windows Authentication Remote Code Execution Vulnerability

CVE-2023-21541

Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2023-21543

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21546

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21547

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

CVE-2023-21548

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2023-21549

Windows SMB Witness Service Elevation of Privilege Vulnerability

CVE-2023-21551

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21555

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21556

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21557

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2023-21558

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVE-2023-21561

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21674

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2023-21676

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2023-21677

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21678

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21679

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21681

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-21683

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21724

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2023-21726

Windows Credential Manager User Interface Elevation of Privilege Vulnerability

CVE-2023-21730

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21732

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2023-21733

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVE-2023-21736

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21737

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21738

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21739

Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVE-2023-21741

Microsoft Office Visio Information Disclosure Vulnerability

CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2023-21744

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2023-21752

Windows Backup Service Elevation of Privilege Vulnerability

CVE-2023-21757

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

CVE-2023-21758

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21760

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21761

Microsoft Exchange Server Information Disclosure Vulnerability

CVE-2023-21763

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2023-21764

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2023-21765

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21767

Windows Overlay Filter Elevation of Privilege Vulnerability

CVE-2023-21768

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2023-21771

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

CVE-2023-22320

OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improp

CVE-2023-22391

A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K

CVE-2023-22393

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Jun

CVE-2023-22394

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper N

CVE-2023-22396

An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of J

CVE-2023-22399

When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability

CVE-2023-22400

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Jun

CVE-2023-22401

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemo

CVE-2023-22403

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engi

CVE-2023-22408

An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on S

CVE-2023-22411

An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS

CVE-2023-22412

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-M

CVE-2023-22413

An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Junipe

CVE-2023-22415

An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthe

CVE-2023-22416

A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unau

CVE-2023-22417

A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (fl

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register n

CVE-2023-22454

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an

CVE-2023-22460

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batte

CVE-2023-22461

The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a de

CVE-2023-22467

Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1

CVE-2023-22472

Deck is a kanban style organization tool aimed at personal planning and project organization for tea

CVE-2023-22477

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjecte

CVE-2023-22551

The FTP (aka 'Implementation of a simple FTP client and server') project through 96c1a35 allows remo

CVE-2023-22598

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In

CVE-2023-22600

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In

CVE-2023-22601

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) bef

CVE-2023-22959

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspas

CVE-2023-23559

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is

CVE-2023-26157

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to

CVE-2023-27098

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.

CVE-2023-28583

Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr da

CVE-2023-29048

A component for parsing OXMF templates could be abused to execute arbitrary system commands that wou

CVE-2023-29051

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java

CVE-2023-29444

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could all

CVE-2023-29445

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could all

CVE-2023-3043

AMI’s SPx containsa vulnerability in the BMC where an Attacker maycause a stack-based buf

CVE-2023-31003

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.

CVE-2023-31025

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A s

CVE-2023-31031

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow b

CVE-2023-31033

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue f

CVE-2023-31034

NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation che

CVE-2023-31035

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerabil

CVE-2023-31036

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is laun

CVE-2023-32366

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma

CVE-2023-32378

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS V

CVE-2023-32383

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. T

CVE-2023-32401

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey

CVE-2023-32436

The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An a

CVE-2023-32650

An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWa

CVE-2023-32886

In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This cou

CVE-2023-32887

In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead

CVE-2023-32888

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This co

CVE-2023-32889

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This co

CVE-2023-32890

In modem EMM, there is a possible system crash due to improper input validation. This could lead to

CVE-2023-33030

Memory corruption in HLOS while running playready use-case.

CVE-2023-33032

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CVE-2023-33033

Memory corruption in Audio during playback with speaker protection.

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server.

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM request.

CVE-2023-33085

Memory corruption in wearables while processing data from AON.

CVE-2023-33094

Memory corruption while running VK synchronization with KASAN enabled.

CVE-2023-33108

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE ob

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed duri

CVE-2023-33112

Transient DOS when WLAN firmware receives 'reassoc response' frame including RIC_DATA element.

CVE-2023-33113

Memory corruption when resource manager sends the host kernel a reply message with multiple fragment

CVE-2023-33114

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2)

CVE-2023-33116

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

CVE-2023-33117

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADS

CVE-2023-33118

Memory corruption while processing Listen Sound Model client payload buffer when there is a request

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

CVE-2023-33472

An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers w

CVE-2023-34061

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An

CVE-2023-34087

An improper array index validation vulnerability exists in the EVCD var len parsing functionality of

CVE-2023-34322

For migration as well as to work around kernels unaware of L1TF (seeXSA-273), PV guests may be run

CVE-2023-34325

libfsimage contains parsing code for several filesystems, most of them based ongrub-legacy code.

CVE-2023-34326

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev3.07-PUB—Oct 2022) is i

CVE-2023-34332

AMI’s SPx containsa vulnerability in the BMC where an Attackermay cause an untrusted po

CVE-2023-34333

AMI’s SPx containsa vulnerability in the BMC where an Attacker may cause anuntrusted po

CVE-2023-34436

An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKW

CVE-2023-35004

An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GT

CVE-2023-35057

An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functio

CVE-2023-35128

An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems function

CVE-2023-35702

Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of

CVE-2023-35703

Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of

CVE-2023-35704

Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of

CVE-2023-35955

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing

CVE-2023-35956

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing

CVE-2023-35957

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing

CVE-2023-35958

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing

CVE-2023-35959

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.

CVE-2023-35960

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.

CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.

CVE-2023-35962

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.

CVE-2023-35963

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.

CVE-2023-35964

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.

CVE-2023-35969

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table pa

CVE-2023-35970

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table pa

CVE-2023-35989

An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave

CVE-2023-35992

An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionali

CVE-2023-35994

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu

CVE-2023-35995

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu

CVE-2023-35996

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu

CVE-2023-35997

Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu

CVE-2023-36746

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len

CVE-2023-36747

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len

CVE-2023-36861

An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3

CVE-2023-36864

An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocatio

CVE-2023-36915

Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocati

CVE-2023-36916

Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocati

CVE-2023-37282

An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GT

CVE-2023-37293

AMI’s SPx containsa vulnerability in the BMC where an Attacker may cause astack-based buffer overf

CVE-2023-37294

AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corru

CVE-2023-37295

AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corrupt

CVE-2023-37296

AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a stack memory corrupti

CVE-2023-37297

AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption

CVE-2023-37416

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali

CVE-2023-37417

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali

CVE-2023-37418

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali

CVE-2023-37419

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali

CVE-2023-37420

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali

CVE-2023-37442

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of

CVE-2023-37443

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of

CVE-2023-37444

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of

CVE-2023-37445

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of

CVE-2023-37446

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of

CVE-2023-37447

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of

CVE-2023-37573

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa

CVE-2023-37574

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa

CVE-2023-37575

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa

CVE-2023-37576

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa

CVE-2023-37577

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa

CVE-2023-37578

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa

CVE-2023-37607

Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain s

CVE-2023-37921

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.

CVE-2023-37922

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.

CVE-2023-37923

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.

CVE-2023-38583

A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits functi

CVE-2023-38610

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macO

CVE-2023-38618

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW

CVE-2023-38619

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW

CVE-2023-38620

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW

CVE-2023-38621

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW

CVE-2023-38622

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW

CVE-2023-38623

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW

CVE-2023-38648

Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression funct

CVE-2023-38649

Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression funct

CVE-2023-38650

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing fun

CVE-2023-38651

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing fun

CVE-2023-38652

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing func

CVE-2023-38653

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing func

CVE-2023-38657

An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GT

CVE-2023-38674

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a deni

CVE-2023-38675

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash a

CVE-2023-38676

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial

CVE-2023-38677

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a den

CVE-2023-38678

OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a de

CVE-2023-39234

Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort function

CVE-2023-39235

Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort function

CVE-2023-39270

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK

CVE-2023-39271

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK

CVE-2023-39272

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK

CVE-2023-39273

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK

CVE-2023-39274

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK

CVE-2023-39275

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK

CVE-2023-39294

An OS command injection vulnerability has been reported to affect several QNAP operating system vers

CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versio

CVE-2023-39316

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWav

CVE-2023-39317

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWav

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 al

CVE-2023-39413

Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation func

CVE-2023-39414

Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation func

CVE-2023-39443

Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.

CVE-2023-39444

Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.

CVE-2023-40250

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell

CVE-2023-40393

An authentication issue was addressed with improved state management. This issue is fixed in macOS S

CVE-2023-41056

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory b

CVE-2023-41060

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, i

CVE-2023-41075

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7

CVE-2023-41287

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerabi

CVE-2023-41288

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the v

CVE-2023-41289

An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulne

CVE-2023-41776

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular use

CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the  program  failed to ade

CVE-2023-41783

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the  program  failed to ade

CVE-2023-41974

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17

CVE-2023-42358

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allo

CVE-2023-42463

Wazuh is a free and open source platform used for threat prevention, detection, and response. This b

CVE-2023-42797

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050

CVE-2023-42826

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a f

CVE-2023-42828

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5.

CVE-2023-42832

A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11

CVE-2023-42833

A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safa

CVE-2023-42866

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iO

CVE-2023-42869

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed

CVE-2023-42870

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS S

CVE-2023-42871

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 1

CVE-2023-42876

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Process

CVE-2023-42933

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that co

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by th

CVE-2023-43514

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem

CVE-2023-44120

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product

CVE-2023-44250

An improper privilege management vulnerability in a Fortinet FortiOS HA cluster version 7.4.0 throu

CVE-2023-45039

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP

CVE-2023-45040

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP

CVE-2023-45041

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP

CVE-2023-45042

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP

CVE-2023-45043

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP

CVE-2023-45044

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML Ex

CVE-2023-45559

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage

CVE-2023-45892

An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthen

CVE-2023-45893

An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3

CVE-2023-46474

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalat

CVE-2023-46712

A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal

CVE-2023-46805

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic

CVE-2023-46929

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest

CVE-2023-46942

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the s

CVE-2023-47140

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access

CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to e

CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager

CVE-2023-47219

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c

CVE-2023-47473

Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attack

CVE-2023-47560

An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnera

CVE-2023-47992

An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows att

CVE-2023-47994

An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0

CVE-2023-48166

A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10

CVE-2023-48243

The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system unde

CVE-2023-48247

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the contex

CVE-2023-48252

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authori

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the

CVE-2023-48257

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obta

CVE-2023-48258

The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafte

CVE-2023-48259

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results

CVE-2023-48260

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results

CVE-2023-48261

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results

CVE-2023-48297

Discourse is a platform for community discussion. The message serializer uses the full list of expan

CVE-2023-48418

 In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a    possible way to access ad

CVE-2023-48864

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in

CVE-2023-48909

An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the F

CVE-2023-49121

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49122

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49123

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49124

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49126

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49127

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49128

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49129

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49130

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49131

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49132

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe

CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected applicati

CVE-2023-49254

Authenticated user can execute arbitrary commands in the context of the root user by providing paylo

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt included passw

CVE-2023-49257

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate uploa

CVE-2023-49259

The authentication cookies are generated using an algorithm based on the username, hardcoded secret

CVE-2023-49261

The 'tokenKey' value used in user authorization is visible in the HTML source of the login page.

CVE-2023-49427

Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial

CVE-2023-49471

Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.

CVE-2023-49549

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_get

CVE-2023-49550

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4

CVE-2023-49551

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_

CVE-2023-49552

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service v

CVE-2023-49553

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_des

CVE-2023-49568

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulne

CVE-2023-49589

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation funct

CVE-2023-49647

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SD

CVE-2023-49715

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functional

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo d

CVE-2023-49794

KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic

CVE-2023-49801

Lif Auth Server is a server for validating logins, managing information, and account recovery for Li

CVE-2023-49961

WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Co

CVE-2023-50020

An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.

CVE-2023-50082

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack

CVE-2023-50096

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has

CVE-2023-50123

The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is

CVE-2023-50159

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypass

CVE-2023-50162

SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and

CVE-2023-50256

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to su

CVE-2023-50341

HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Dis

CVE-2023-50350

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, pot

CVE-2023-50612

Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attac

CVE-2023-50671

In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because

CVE-2023-50760

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' pa

CVE-2023-50916

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authenticat

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminT

CVE-2023-50930

An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is

CVE-2023-50931

An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative us

CVE-2023-50932

An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative u

CVE-2023-50991

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote att

CVE-2023-51063

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Re

CVE-2023-51065

Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unaut

CVE-2023-51066

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0

CVE-2023-51073

An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Fi

CVE-2023-51127

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal du

CVE-2023-51406

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fas

CVE-2023-51408

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wh

CVE-2023-51439

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1

CVE-2023-51441

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users

CVE-2023-51490

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Securi

CVE-2023-51508

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Clea

CVE-2023-51535

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection,

CVE-2023-51538

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress

CVE-2023-51539

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This

CVE-2023-51668

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issu

CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vu

CVE-2023-51701

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reve

CVE-2023-51745

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1

CVE-2023-51746

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1

CVE-2023-51748

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S c

CVE-2023-51749

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be mad

CVE-2023-51780

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-

CVE-2023-51781

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a u

CVE-2023-51782

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use

CVE-2023-51785

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: f

CVE-2023-51804

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipul

CVE-2023-51949

Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /prote

CVE-2023-52072

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/

CVE-2023-52073

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/

CVE-2023-52074

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/s

CVE-2023-52119

Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generatio

CVE-2023-52120

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact

CVE-2023-52121

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimiza

CVE-2023-52122

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects S

CVE-2023-52123

Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects St

CVE-2023-52127

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This

CVE-2023-52128

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Cus

CVE-2023-52129

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects tea

CVE-2023-52130

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.Thi

CVE-2023-52136

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Wid

CVE-2023-52142

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52143

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkou

CVE-2023-52145

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue

CVE-2023-52149

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Fl

CVE-2023-52150

Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This

CVE-2023-52184

Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Boar

CVE-2023-52190

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referra

CVE-2023-52201

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52202

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Fe

CVE-2023-52204

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52205

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Pl

CVE-2023-52206

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer li

CVE-2023-52207

Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist

CVE-2023-52208

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constan

CVE-2023-52216

Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.Thi

CVE-2023-52219

Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects G

CVE-2023-52222

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooComm

CVE-2023-52302

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a

CVE-2023-52303

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash a

CVE-2023-52305

FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of

CVE-2023-52306

FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of

CVE-2023-52308

FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of

CVE-2023-52312

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash

CVE-2023-52313

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime c

CVE-2023-5235

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updat

CVE-2023-5356

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, a

CVE-2023-5448

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forg

CVE-2023-5504

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ

CVE-2023-5880

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into

CVE-2023-5881

Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-K

CVE-2023-5957

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and

CVE-2023-6040

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (n

CVE-2023-6042

Any unauthenticated user may send e-mail from the site with any title or content to the admin

CVE-2023-6064

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible

CVE-2023-6113

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin befor

CVE-2023-6140

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileg

CVE-2023-6266

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insuff

CVE-2023-6270

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() fu

CVE-2023-6271

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to

CVE-2023-6338

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) t

CVE-2023-6383

The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was d

CVE-2023-6421

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leak

CVE-2023-6476

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unco

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory lis

CVE-2023-6528

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author

CVE-2023-6532

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updati

CVE-2023-6540

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android tha

CVE-2023-6558

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploa

CVE-2023-6567

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par

CVE-2023-6583

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal

CVE-2023-6631

PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an autho

CVE-2023-6636

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary f

CVE-2023-6699

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to Directory Traversal in all

CVE-2023-6735

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows

CVE-2023-6740

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39

CVE-2023-6750

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations,

CVE-2023-6845

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could

CVE-2023-6979

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du

CVE-2023-7032

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attackerlogg

CVE-2023-7209

A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by thi

CVE-2023-7211

A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability

CVE-2023-7213

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected

CVE-2023-7214

A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20

CVE-2023-7218

A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012.

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external th

CVE-2024-0056

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnera

CVE-2024-0185

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critic

CVE-2024-0186

A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0.

CVE-2024-0188

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online P

CVE-2024-0196

A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this

CVE-2024-0206

A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024

CVE-2024-0207

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted ca

CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of servi

CVE-2024-0209

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial o

CVE-2024-0210

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or craft

CVE-2024-0211

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted c

CVE-2024-0213

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user

CVE-2024-0222

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had c

CVE-2024-0223

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to

CVE-2024-0224

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to pot

CVE-2024-0225

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to poten

CVE-2024-0241

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vu

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution

CVE-2024-0260

A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online P

CVE-2024-0261

A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by thi

CVE-2024-0263

A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This

CVE-2024-0265

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical

CVE-2024-0291

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical.

CVE-2024-0305

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified

CVE-2024-0306

A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classifi

CVE-2024-0307

A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared

CVE-2024-0308

A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects som

CVE-2024-0341

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects

CVE-2024-0354

A vulnerability, which was classified as critical, has been found in unknown-o download-station up t

CVE-2024-0356

A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected

CVE-2024-0358

A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This aff

CVE-2024-0411

A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This

CVE-2024-0418

A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classifie

CVE-2024-0419

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue aff

CVE-2024-0425

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability af

CVE-2024-0459

A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This

CVE-2024-0472

A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as pro

CVE-2024-20652

Windows HTML Platforms Security Feature Bypass Vulnerability

CVE-2024-20653

Microsoft Common Log File System Elevation of Privilege Vulnerability

CVE-2024-20654

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-20657

Windows Group Policy Elevation of Privilege Vulnerability

CVE-2024-20658

Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

CVE-2024-20661

Microsoft Message Queuing Denial of Service Vulnerability

CVE-2024-20677

A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vu

CVE-2024-20681

Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2024-20682

Windows Cryptographic Services Remote Code Execution Vulnerability

CVE-2024-21307

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-21309

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2024-21310

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2024-21318

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-21325

Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability

CVE-2024-21589

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control C

CVE-2024-21595

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Eng

CVE-2024-21597

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juni

CVE-2024-21602

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-3

CVE-2024-21604

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Netw

CVE-2024-21606

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on S

CVE-2024-21611

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (

CVE-2024-21612

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protoc

CVE-2024-21614

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (R

CVE-2024-21616

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine

CVE-2024-21622

Craft is a content management system. This is a potential moderate impact, low complexity privilege

CVE-2024-21625

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop app

CVE-2024-21629

Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_externa

CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool in

CVE-2024-21634

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential d

CVE-2024-21642

D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publ

CVE-2024-21643

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated i

CVE-2024-21644

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user

CVE-2024-21647

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma

CVE-2024-21648

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of

CVE-2024-21663

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information

CVE-2024-21664

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technolog

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity ap

CVE-2024-21735

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CO

CVE-2024-21773

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the produ

CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product

CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the produ

CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnera

CVE-2024-21909

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An at

CVE-2024-22050

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remo

CVE-2024-22124

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERN

CVE-2024-22125

Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)

CVE-2024-22190

GitPython is a python library used to interact with Git repositories. There is an incomplete fix for

CVE-2024-22197

Nginx-ui is online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average,

CVE-2024-22198

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command ex