CVE-1999-0197
finger 0@host on some systems may print information on some user accounts.
finger .@host on some systems may print information on some user accounts.
A network intrusion detection system (IDS) does not properly handle data within TCP handshake packet
A network intrusion detection system (IDS) does not properly reassemble fragmented packets.
In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, D
A system-critical Windows NT registry key has an inappropriate value.
The rexec service is running.
Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain p
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other termin
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code v
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute
Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malforme
get_it program in Corel Linux Update allows local users to gain root access by specifying an alterna
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM an
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n opti
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote a
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are exe
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a win
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to con
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileg
PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file wi
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by speci
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifyi
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attack
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attack
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authenti
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, ak
Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrar
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute ar
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary com
The default configuration for PostACI webmail system installs the /includes/global.inc configuration
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows
Variant of the 'IIS Cross-Site Scripting' vulnerability as originally discussed in MS:MS00-060 (CVE-
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary comma
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a den
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings s
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitra
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitra
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute ar
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbi
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long env
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environment
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to exec
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by includi
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via s
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash,
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message h
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known passwo
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to exec
Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a lon
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the netwo
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UD
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessibl
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify)
Twig webmail system does not properly set the 'vhosts' variable if it is not configured on the site,
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the 'nat
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and pos
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitr
Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to condu
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command li
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbit
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifyi
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain pr
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local us
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates b
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attack
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the doc
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which al
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication
The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to exec
OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allow
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AI
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with ro
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow r
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and file
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5,
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the ma
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a den
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request w
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of servic
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a den
Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibl
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allo
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Win
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 do
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not pro
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly valid
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, inc
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly per
Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attac
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via fram
Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (applicat
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote auth
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote auth
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option ena
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictio
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cau
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and sever
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrel
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local user
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local u
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver,
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows r
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a
The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allo
Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other ver
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Ser
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote at
Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpc
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows re
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server
SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attack
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier exec
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, w
Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by Coffe
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.0
Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles net
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, wh
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share
Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to exe
Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial o
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file contai
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with i
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia
Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote at
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to c
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authe
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web si
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sit
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that con
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows rem
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the file
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use t
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote att
Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (appli
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users t
Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary c
weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharac
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers
Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arb
Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to ex
WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a
Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary
Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12
Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to e
Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to ex
Multiple buffer overflows in the handle_directive function in abcpp.c for abcpp 1.3.0 allow remote a
Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function i
Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to exec
Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers
changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbit
Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to ex
Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the convex-tool program in Convex
Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote att
Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arb
Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allo
Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to ex
The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary cod
Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attacker
Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attacker
Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to exec
The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP se
Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to
Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attacker
Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filte
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute
Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to e
Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function
Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers t
Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a
Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remot
Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attacke
Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attac
Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arb
Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows r
Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attacke
The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary comma
Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to exe
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to e
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote a
Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 al
Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows rem
Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party product
The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop p
Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitra
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary P
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to e
Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to caus
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly o
PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote att
SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_displa
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbi
SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attack
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitra
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to e
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to exec
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows
SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL com
SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remot
SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to exe
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute
wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certai
gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands
SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbit
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to ex
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a d
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlie
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execu
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and caus
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote at
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1)
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70,
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows li
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and us
SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to exec
SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execut
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute ar
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote a
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 al
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers t
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files i
SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL comman
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to e
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 Januar
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) i
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impa
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented a
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting
Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQ
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has un
SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows
SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco
Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL
SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWind
Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers
Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted rem
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted rem
Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo
Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 200
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefo
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other acc
PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to
SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arb
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote a
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (
The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protoc
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows r
AspBB stores sensitive information under the web root with insufficient access control, which allows
Openforum stores sensitive information under the web root with insufficient access control, which al
rblog stores sensitive information under the web root with insufficient access control, which allows
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remo
Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large w
jgbbs stores sensitive information under the web root with insufficient access control, which allows
WineGlass stores sensitive information under the web root with insufficient access control, which al
newsCMSlite stores sensitive information under the web root with insufficient access control, which
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execu
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attack
Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access
CarbonCommunities stores sensitive information under the web root with insufficient access control,
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer
The Perforce client does not restrict the set of files that it overwrites upon receiving a request f
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for W
SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrar
Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with ins
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly valida
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPE
The JavaScript SVG support in Opera before 9.10 does not properly validate object types in a createS
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to e
SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attacker
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execu
JAMWiki before 0.5.0 does not properly check permissions during moves of 'read-only or admin-only to
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers t
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier all
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute ar
Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, an
SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers
SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote att
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remo
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, wh
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attacker
MitiSoft stores sensitive information under the web root with insufficient access control, which all
OhhASP stores sensitive information under the web root with insufficient access control, which allow
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which
Webulas stores sensitive information under the web root with insufficient access control, which allo
HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, w
M-Core stores the database under the web document root, which allows remote attackers to obtain sens
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly o
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows
Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to b
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, En
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5,
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote a
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote att
Multiple stack-based buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers t
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arb
Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage websit
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attac
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to pu
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a tr
PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attack
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section i
FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which all
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier al
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Galler
Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows rem
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack v
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows rem
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Con
SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows
SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to ex
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users t
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to e
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows r
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Lin
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versi
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute ar
Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remot
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to ex
Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube
Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlie
Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execut
March Networks DVR 3204 stores sensitive information under the web root with insufficient access con
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execu
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privil
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to exe
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attac
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allow
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remo
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and e
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Ho
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attacke
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arc
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to exe
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to exec
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges,
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute ar
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attacke
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 befo
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM ma
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrar
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow re
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.000
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code
Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 an
Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and e
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers t
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attacke
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows re
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of da
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote atta
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown imp
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute ar
Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execut
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remot
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote a
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers
Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX co
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX contro
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro,
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 a
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products,
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to ca
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broad
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier version
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbit
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunnel
The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by in
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gai
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via '&&
admin.php in UploadImage 1.0 does not check for the original password before making a change to a ne
admin.php in UploadScript 1.0 does not check for the original password before making a change to a n
Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage M
Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arb
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers t
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForg
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands v
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX contro
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versio
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remo
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrar
SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to exec
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware allows remote attackers to c
The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware automatically installs softw
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart)
Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto U
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpic
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally d
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remot
SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation Syst
The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP C
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrativ
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla!
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation Syst
Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash)
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administra
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) befo
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access co
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access
CodeAvalanche Directory stores sensitive information under the web root with insufficient access con
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access co
CodeAvalanche Articles stores sensitive information under the web root with insufficient access cont
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access contr
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Managem
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implem
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT)
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary m
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execut
SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrar
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attac
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain adminis
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to exec
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execu
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0
Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attack
Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of ser
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS d
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote a
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly c
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not p
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attac
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and g
Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! a
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to exec
Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permi
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arb
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitr
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execu
SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attac
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote a
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote at
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote at
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attacke
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentic
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta,
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote
Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) befor
Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domi
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authentica
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attac
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! all
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 a
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mambo
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arb
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, an
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 a
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5,
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 all
Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2,
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allo
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attacke
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attacker
Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Dom
Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properl
A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Aff
Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Res
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allo
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allo
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and ea
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allo
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 al
Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possi
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API impleme
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not pr
Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local u
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not 'disgui
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOso
Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO
Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborativ
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically pr
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.1
Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHER
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PS
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windo
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security App
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not prop
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit pack
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not prop
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service
Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to caus
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA)
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not prop
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote att
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data A
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Ex
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI displa
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions a
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for M
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.cla
The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administr
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 throu
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote at
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a d
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspe
Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled,
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate w
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functiona
Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows
Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array sys
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for Wor
Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrar
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field Re
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact
Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote at
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) i
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Serv
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Window
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricti
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9
Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token s
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privi
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability whi
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes
The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) syst
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.
Samsung Kies before 2.5.0.12094_27_11 has registry modification.
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which a
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication o
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which
fwknop before 2.0.3 allows remote authenticated users to cause a denial of service (server crash) or
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and e
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arb
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_gu
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog b
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 do
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library,
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (a
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code o
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers t
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x bef
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properl
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Fram
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, a
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows r
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitra
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 1
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 1
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 1
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attacker
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to a
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecif
A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2.
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers t
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcad
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute a
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute ar
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherbo
Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Su
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows rem
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 2013
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute ar
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in R
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrar
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attac
Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers
Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers t
Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory cor
Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow re
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operatin
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbit
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute a
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default '
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted ta
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 an
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attac
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Ma
SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WI
Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages i
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary code via a long str
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used i
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x th
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows r
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' i
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows re
A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue
A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerabilit
A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712
Ansible prior to 1.5.4 mishandles the evaluation of some strings.
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr
Publify before 8.0.1 is vulnerable to a Denial of Service attack
BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd comma
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local use
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command lin
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysq
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the cur
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysql
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows loc
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related t
Status2k allows Remote Command Execution in admin/options/editpl.php.
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication Syste
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attacke
The backup mechanism in the adb tool in Android might allow attackers to inject additional applicati
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messag
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attac
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x thro
The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. impleme
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute a
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remo
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execut
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0
Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENS
SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote atta
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Tim
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote att
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attack
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote atta
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, w
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/contr
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.
A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affec
A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulne
A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain s
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping a
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls t
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appl
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to exec
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Manag
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Back
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if applicat
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Acces
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed throu
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Androi
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up int
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and poss
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bell
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attack
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file o
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflows in the gif_get_lzw funct
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now p
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in th
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the i
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Expr
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core component
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to over
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the H
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way m
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resul
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obta
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resultin
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in deni
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platfor
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user con
An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS
In the parseURL function of URLStreamHandler, there is improper input validation of the host field.
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use af
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to no
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyn
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters.
A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocatio
A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory all
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete fra
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero aft
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resoluti
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negati
In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could l
In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could
A vulnerability in the Android media framework (ex) related to composition of frames lacking a color
In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a jav
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchro
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android.
An information disclosure vulnerability in the Android media framework (libeffects). Product: Androi
An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. V
An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Pr
In the ServiceManager::add function in the hardware service manager, there is an insecure permission
In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large
An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions
An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: A
In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote
An elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions:
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when access
In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without
A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product:
An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: An
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versio
An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: A
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation
An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android ker
In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hiberna
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerab
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'c
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an
It was found that system umask policy is not being honored when creating XDG user directories, since
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebA
Insufficient data validation in crosh could lead to a command injection under chronos privileges in
An ability to process crash dumps under root privileges and inappropriate symlinks handling could le
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and wr
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary comma
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vul
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vu
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service v
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulner
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
The Installer in Whale allows DLL hijacking.
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directo
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versi
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-cr
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-craf
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to rea
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS comm
In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficie
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers ca
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --d
When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure moni
QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdra
Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MD
Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wea
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile
A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the functi
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter produc
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when I
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contai
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the securi
A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shangh
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s
A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise vers
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forwa
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Forma
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthentica
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote at
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute a
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to ex
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to ex
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to e
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to e
Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypas
HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delet
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delet
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delet
Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server,
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 160
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Win
The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Se
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511,
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511,
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Window
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Window
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacke
ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Co
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Win
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Serv
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Serv
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 a
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execut
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code executio
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Of
Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with anoth
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier,
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and ear
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 an
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8
Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with acc
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.
Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software b
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComple
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verifica
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Sec
An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service wit
A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.349
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to p
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote atta
LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks v
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Jav
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to
SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administra
Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote a
Untrusted search path vulnerability in the installer of Windows 10 Fall Creators Update Modify modul
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view informati
Untrusted search path vulnerability in the installer of MARKET SPEED Ver.16.4 and earlier allows an
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Wind
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 -
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier m
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier a
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier u
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not inclu
An allocation of memory without limits, that could result in the stack clashing with another memory
An allocation of memory without limits, that could result in the stack clashing with another memory
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted inter
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the d
An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3
An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who h
Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Ser
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windo
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.st
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lac
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remo
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated u
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote att
The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permiss
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exifto
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition r
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction r
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence ra
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race c
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial o
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consume
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync comman
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functio
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) co
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52,
A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. A
Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows be
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the 'Assets->Uploa
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webro
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improve
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restricti
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restricti
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an i
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari P
In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Wi
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 f
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was a
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iClo
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sie
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was ad
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit p
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerabili
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer ove
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform Ac
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of se
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of se
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow re
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restri
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive infor
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denia
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserN
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
In the Procter & Gamble 'Oral-B App' (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write functio
Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified 'older' Android platforms, all
Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified 'older' Andr
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attacker
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/op
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices w
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid p
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.ph
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Logi
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow i
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping se
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login key
OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admi
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.16
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.11
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote a
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfor
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.339
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perfo
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed a
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had c
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to poten
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote att
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impa
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impa
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is:
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: ex
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The im
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: ex
Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow
A remote code execution vulnerability exists in Xterm.js when the component mishandles special chara
ecstatic has a denial of service vulnerability. Successful exploitation could lead to crash of an a
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely li
When following the value's prototype chain, it was possible to retain a reference to a locale, delet
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total S
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored o
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firef
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10,
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potent
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).
Ricoh SP C250DN 1.06 devices allow CSRF.
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using C
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests fo
cpio, in all versions before 2.13, does not properly validate input files when generating TAR archi
An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DC
The plain text serializer used a fixed-size array for the number of <ol> elements it could process;
When using nested workers, a use-after-free could occur during worker destruction. This resulted in
When running, the updater service wrote status and log files to an unrestricted location; potentiall
Under certain conditions, when checking the Resist Fingerprinting preference during device orientati
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a rac
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of t
Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evid
If an image had not loaded correctly (such as when it is not actually an image), it could be dragged
During the initialization of a new content process, a pointer offset can be manipulated leading to m
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting i
When Python was installed on Windows, a python file being served with the MIME type of text/plain co
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of t
Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evid
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows local attackers to escalate privileges on affected installations of Parall
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NT
Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature b
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were ma
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated Postgre
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allow
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system co
CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setu
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconf
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a privat
An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Securit
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range fu
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving e
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is cha
An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Mana
libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUT
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to
OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP por
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulner
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file)
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authent
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and pass
In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file l
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text ar
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remo
Pivotal Concourse, all versions prior to 4.2.2, puts the user access token in a url during the login
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be de
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension 'php3' in the logo upload
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functiona
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functiona
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could se
EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consum
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated att
Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to obtai
The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers t
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injectio
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rg
An issue was discovered in Bento4 v1.5.1-627. There is a memory leak in AP4_DescriptorFactory::Creat
An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/memory/lib_memory.c has a memory
An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethe
An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in link_layer/link_layer.c has a NUL
An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memory_calloc in hal/memory/lib_mem
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-
HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3
Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Exp
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. Th
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after f
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
An integer overflow due to improper check performed after the address and size passed are aligned in
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an atta
An exploitable local privilege elevation vulnerability exists in the file system permissions of the
An exploitable local privilege elevation vulnerability exists in the file system permissions of the
An exploitable local privilege elevation vulnerability exists in the file system permissions of the
An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality o
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionalit
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-6087
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automat
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker
Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacke
Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowe
Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowe
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker wh
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remot
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to pote
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potenti
Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to p
Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attac
Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowe
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to pote
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to pot
Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker wh
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote
Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administ
The NDN-210 has a web administration panel which is made available over https. There is a command in
The NDN-210 has a web administration panel which is made available over https. There is a command in
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgra
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack
There exists a race condition between the deletion of the temporary file and the creation of the tem
USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500;
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL fr
Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allo
A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of servi
A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an applicatio
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low pr
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introdu
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a p
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to
Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which a
Certain blit values provided by the user were not properly constrained leading to a heap buffer over
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. Thi
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrec
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesti
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while p
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while proc
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker co
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 a
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while pr
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing p
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier che
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2
MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code exec
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 145
In x/text in Go 1.15.4, an 'index out of range' panic occurs in language.ParseAcceptLanguage while p
In x/text in Go before v0.3.5, a 'slice bounds out of range' panic occurs in language.ParseAcceptLan
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup U
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A r
If a user downloaded a file lacking an extension on Windows, and then 'Open'-ed it from the download
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of t
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evid
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call 'crm histor
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because th
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr file
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.p
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it doe
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in cal
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a PO
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Every
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL li
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on
An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent le
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes usin
An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation throug
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543
An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processe
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, whe
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms t
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the us
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker t
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery whi
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increa
A vulnerability in the SonicWall SMA100 appliance allows an authenticated management-user to perform OS c
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrar
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a speci
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilitie
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is ca
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to real
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that i
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesa
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when loggi
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEv
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 befo
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF a
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenti
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potenti
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gp
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in dec
Eaton's easySoft software v7.xx prior to v7.22 is susceptible to out-of-bounds remote code exec
Eaton's easySoft software v7.xx prior to v7.22 is susceptible to file parsing type confusion remote
contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authe
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent)
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, al
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but l
In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObse
In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when u
In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic run
In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a
In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to i
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user
In createOrUpdate of Permission.java and related code, there is possible permission escalation due t
In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write d
In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nea
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kerne
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer
NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in wh
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not vali
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in wh
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is no
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not val
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validate
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Defender Remote Code Execution Vulnerability
Microsoft splwow64 Elevation of Privilege Vulnerability
Active Template Library Elevation of Privilege Vulnerability
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
GDI+ Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
Windows Remote Desktop Security Feature Bypass Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
Windows Print Spooler Spoofing Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows Multipoint Management Elevation of Privilege Vulnerability
Windows WalletService Elevation of Privilege Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows CSC Service Elevation of Privilege Vulnerability
Windows Update Stack Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows InstallService Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
Windows Event Logging Service Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows LUAFV Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint Server Tampering Vulnerability
Microsoft SharePoint Elevation of Privilege Vulnerability
ASP.NET Core and Visual Studio Denial of Service Vulnerability
Improper access control in TrustZone due to improper error handling while handling the signing key i
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote aut
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potenti
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to po
Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potenti
Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to p
spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator
The Python 'Flask-Security-Too' package is used for adding security features to your Flask applicati
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacke
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versi
When security guidelines for SAP NetWeaver Master Data Management running on windows have not been t
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?aca
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Works
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenat
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Hand
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain f
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing subm
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery para
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a vict
Failure to validate the communication buffer and communication service in the BIOS may allow an atta
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL
Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox comm
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memo
All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordin
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Eth
The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credential
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST AP
Improper validation of a socket state when socket events are being sent to clients can lead to inval
Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in
Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture c
Possible null pointer dereference due to lack of TLB validation for user provided address in Snapdra
Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation
Possible null pointer dereference in trap handler due to lack of thread ID validation before derefer
Possible null pointer dereference in thread cache operation handler due to lack of validation of use
Possible assertion due to improper handling of IPV6 packet with invalid length in destination option
Possible integer overflow in access control initialization interface due to lack of size and addres
Possible integer overflow in page alignment interface due to lack of address and size validation bef
Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access
Possible access control violation while setting current permission for VMIDs due to improper permiss
Possible out of bound write in RAM partition table due to improper validation on number of partition
Possible buffer overflow due to lack of range check while processing a DIAG command for COEX managem
Possible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdr
Possible out of bound access due to improper validation of item size and DIAG memory pools data whil
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received i
Possible assertion in QOS request due to improper validation when multiple add or update request are
Possible out of bound read due to lack of domain input validation while processing APK close session
Possible use after free when process shell memory is freed using IOCTL call and process initializati
Users have access to the directory where the installation repair occurs. Since the MS Installer allo
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 al
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts inco
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain i
Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878.
Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prio
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions inclu
The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which caus
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may a
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and U
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and U
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive in
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds inf
There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows
A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get func
Hilinksvc service has a Data Processing Errors vulnerability. Successful exploitation of this vul
There is a Timing design defect in Smartphone. Successful exploitation of this vulnerability may aff
There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability
There is a Privilege escalation vulnerability with the file system component in Smartphone. Successfu
There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability m
There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability m
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Succe
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Succe
There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vu
Location-related APIs have a Race Condition vulnerability. Successful exploitation of this vulnerab
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
nltk is vulnerable to Inefficient Regular Expression Complexity
ws-scrcpy is vulnerable to External Control of File Name or Path
growi is vulnerable to Authorization Bypass Through User-Controlled Key
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This
IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithm
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazar
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerabilit
There is an Uninitialized AOD driver structure in Smartphones. Successful exploitation of this vulner
There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast per
Changlian Blocklist has a Business Logic Errors vulnerability. Successful exploitation of this vulne
There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vu
HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerab
Password vault has an External Control of System or Configuration Setting vulnerability. Successful ex
MyHuawei-App has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successf
There is a Null pointer dereference in Smartphones. Successful exploitation of this vulnerability may
There is an Out-of-bounds read in Smartphones. Successful exploitation of this vulnerability may affe
Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability m
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this
Telephony application has a SQL Injection vulnerability. Successful exploitation of this vulnerabilit
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this v
Huawei idap module has an Out-of-bounds Read vulnerability. Successful exploitation of this vulnerabil
The HwNearbyMain module has an Improper Validation of Array Index vulnerability. Successful exploitati
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this v
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this
The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerabili
There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExServi
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne
The cellular module has a vulnerability in permission management. Successful exploitation of this vu
The distributed data service component has a vulnerability in data access control. Successful exploi
There is an uncontrolled resource consumption vulnerability in the display module. Successful exploi
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitatio
The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerabi
There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Su
The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulne
The weaver module has a vulnerability in parameter type verification. Successful exploitation of this
The eID module has a vulnerability that causes the memory to be used without being initialized. Succe
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exp
The bone voice ID TA has a vulnerability in calculating the buffer length. Successful exploitation of
The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulne
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex
The bone voice ID TA has a vulnerability in information management. Successful exploitation of this v
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m
There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of th
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands t
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This coul
DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt us
In the DES implementation, the affected product versions use a default key for encryption. Successf
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
PJSIP is a free and open source multimedia communication library written in the C language implement
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. Th
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the Upgrad
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions <
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affe
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks
An issue was discovered in CALDERA 2.8.1. It contains multiple startup 'requirements' that execute c
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded 'SVG' parameter
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized na
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnera
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, p
A vulnerability was found in Woorank robots-txt-guard. It has been rated as problematic. Affected by
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Devel
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Devel
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Deve
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Deve
A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affect
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execut
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially craf
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a r
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity pr
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Tren
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation f
A download of code without integrity check vulnerability in the 'execute restore src-vis' command of
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php i
A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updat
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file over
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity pro
If an OpenID Connect provider supports the 'none' algorithm (i.e., tokens with no signature), pac4j
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAt
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and T
An unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Se
An origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a loc
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on pre
Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their p
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is starte
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks
Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentia
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attack
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 befor
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 bef
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value insi
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary cod
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary cod
Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary cod
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0.
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can u
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_gro
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated u
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from
A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent th
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
vim is vulnerable to Out-of-bounds Read
peertube is vulnerable to Server-Side Request Forgery (SSRF)
peertube is vulnerable to Improper Access Control
shelljs is vulnerable to Improper Privilege Management
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resu
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above.
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a f
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL inje
SpiceDB is a database system for managing security-critical application permissions. Any user making
Shopware is an open source e-commerce software platform. In affected versions shopware would not inv
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.type
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests wh
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communi
Virtual Machine IDE Drive Elevation of Privilege Vulnerability
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows Certificate Spoofing Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Cleanup Manager Elevation of Privilege Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows Accounts Control Elevation of Privilege Vulnerability
Windows AppContracts API Server Elevation of Privilege Vulnerability
Task Flow Data Engine Elevation of Privilege Vulnerability
Windows Application Model Core API Elevation of Privilege Vulnerability
Windows StateRepository API Server file Elevation of Privilege Vulnerability
Windows UI Immersive Server API Elevation of Privilege Vulnerability
Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows System Launcher Elevation of Privilege Vulnerability
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Windows Devices Human Interface Elevation of Privilege Vulnerability
Clipboard User Service Elevation of Privilege Vulnerability
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Tile Data Repository Elevation of Privilege Vulnerability
Windows Storage Elevation of Privilege Vulnerability
Windows Geolocation Service Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Modern Execution Server Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Remote Desktop Protocol Remote Code Execution Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows GDI Information Disclosure Vulnerability
Windows Hyper-V Security Feature Bypass Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
.NET Framework Denial of Service Vulnerability
DirectX Graphics Kernel Remote Code Execution Vulnerability
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Windows User Profile Service Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution atta
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response receiv
In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update fu
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. Any application user in the a
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injec
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local a
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) a
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installatio
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes
Weave GitOps is a simple open source developer platform for people who want cloud native application
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) load
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to
Memory corruption in display driver due to incorrect type casting while accessing the fence structur
Memory corruption in Multimedia Framework due to unsafe access to the data members
Memory corruption in display due to double free while allocating frame buffer memory
Memory corruption in video driver due to type confusion error during video playback
Memory corruption in kernel due to missing checks when updating the access rights of a memextent map
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left
It was discovered that a nft object or expression could reference a nft set on a different nft table
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an o
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theP
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the send
io_uring UAF, Unix SCM garbage collection
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 a
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 an
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while pa
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsin
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF file
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to lo
In Config Manager, there is a possible command injection due to improper input validation. This coul
Memory corruption in Automotive due to improper input validation.
Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new l
Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips
Memory corruption in android core due to improper validation of array index while returning feature
Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQ
Race condition in snap-confine's must_mkdir_and_open_with_perms()
Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed
Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protoco
Memory corruption in Automotive Android OS due to improper input validation.
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowin
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, wh
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to in
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices,
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptogra
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptogr
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to in
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection')
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions star
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applica
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to tr
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to tri
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a in
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an im
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerabilit
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerabi
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnera
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of s
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_tran
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configura
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280
An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0
A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who h
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL inj
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL inje
The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a
Gravitee API Management before 3.15.13 allows path traversal through HTML injection.
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rol
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attack
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX actio
H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation. Version 1.6 is vulnerable to privilege esca
The affected products store both public and private keys that are used to sign and protect Custom Pa
Hardcoded credential is found in affected products' message queue. An attacker that manages to expl
Communication between the client and the server application of the affected products is partially d
A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) f
An improper neutralization of special elements used in an os command ('os command injection') in Fort
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Bas
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions star
The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the s
Memory corruption in Core due to stack-based buffer overflow.
Memory corruption in core due to stack-based buffer overflow
Memory corruption due to stack-based buffer overflow in Core
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custo
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticat
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A s
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-B
Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain
Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 p
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied d
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secure
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevat
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can ex
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI) phase, where a privileged
DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service,
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and dow
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitra
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vuln
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode i
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)
An improper check for unusual or exceptional conditions in the HTTP request processing function of Z
The File Upload function of EasyTest has insufficient filtering for special characters and file type
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote a
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attack
Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier all
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation Lice
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation Lice
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows inst
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A spe
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack
The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef
The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux ker
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access con
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated us
Improper neutralization of special elements in output used by a downstream component ('Injection') v
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware
An arbitrary code execution vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Conne
A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with
An arbitrary code execution vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router wit
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file uploa
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation whic
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allo
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allo
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability vi
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for ch
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not e
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-au
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authentic
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from cont
Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensi
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
ChangingTec ServiSign component has insufficient filtering for special characters in the connection
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002
Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allo
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unau
Rumpus - FTP server version 9.0.7.1 Improper Token Verification – vulnerability may allow bypassing i
Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified in
An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) v
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private ima
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id p
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload func
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the use
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_S
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows auth
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_intern
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub functi
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an Integer overflow vulnerability in gf_hevc_read_
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:47
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension f
Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtai
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrativ
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels funct
GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_intern
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>
GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_intern
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_ex
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:
GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/re
Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All version
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An a
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contai
The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control
Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2
A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulne
A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. A
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker
A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated a
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an a
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authent
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius
Code Injection in GitHub repository lirantal/daloradius prior to master-branch.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions
A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic.
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remot
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a u
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a u
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote atta
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Windows iSCSI Service Denial of Service Vulnerability
Azure Service Fabric Container Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
.NET Denial of Service Vulnerability
Windows Authentication Remote Code Execution Vulnerability
Windows Task Scheduler Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows SMB Witness Service Elevation of Privilege Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows GDI Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Windows Credential Manager User Interface Elevation of Privilege Vulnerability
Windows Netlogon Denial of Service Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Microsoft Office Visio Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Windows NTLM Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Backup Service Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
3D Builder Remote Code Execution Vulnerability
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improp
A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Jun
An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper N
An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of J
When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Jun
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemo
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engi
An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on S
An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-M
An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Junipe
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthe
A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unau
A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (fl
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register n
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batte
The `sanitize-svg` package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a de
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1
Deck is a kanban style organization tool aimed at personal planning and project organization for tea
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjecte
The FTP (aka 'Implementation of a simple FTP client and server') project through 96c1a35 allows remo
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) bef
WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspas
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
Memory corruption when IPv6 prefix timer object's lifetime expires which are created while Netmgr da
A component for parsing OXMF templates could be abused to execute arbitrary system commands that wou
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could all
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could all
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buf
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A s
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow b
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue f
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation che
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerabil
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is laun
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS V
This issue was addressed by forcing hardened runtime on the affected binaries at the system level. T
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey
The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An a
An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWa
In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This cou
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This co
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This co
In modem EMM, there is a possible system crash due to improper input validation. This could lead to
Memory corruption in HLOS while running playready use-case.
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.
Memory corruption in Audio during playback with speaker protection.
Memory corruption while receiving a message in Bus Socket Transport Server.
Transient DOS in Data Modem during DTLS handshake.
Transient DOS in WLAN Firmware while parsing a BTM request.
Memory corruption in wearables while processing data from AON.
Memory corruption while running VK synchronization with KASAN enabled.
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE ob
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
The session index variable in PCM host voice audio driver initialized before PCM open, accessed duri
Transient DOS when WLAN firmware receives 'reassoc response' frame including RIC_DATA element.
Memory corruption when resource manager sends the host kernel a reply message with multiple fragment
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2)
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.
Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADS
Memory corruption while processing Listen Sound Model client payload buffer when there is a request
Memory corruption in Audio when memory map command is executed consecutively in ADSP.
An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers w
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An
An improper array index validation vulnerability exists in the EVCD var len parsing functionality of
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run
libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code.
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev3.07-PUB—Oct 2022) is i
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted po
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted po
An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKW
An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GT
An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functio
An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems function
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table pa
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table pa
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionali
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta fu
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len
An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3
An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocatio
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocati
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocati
An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GT
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overf
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corru
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corrupt
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corrupti
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionali
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWa
Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to
An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain s
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.
A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits functi
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macO
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKW
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression funct
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression funct
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing fun
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing fun
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing func
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing func
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GT
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a deni
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash a
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a den
OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a de
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort function
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort function
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTK
An OS command injection vulnerability has been reported to affect several QNAP operating system vers
A prototype pollution vulnerability has been reported to affect several QNAP operating system versio
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWav
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWav
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 al
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation func
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation func
Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.
Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell
An authentication issue was addressed with improved state management. This issue is fixed in macOS S
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory b
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, i
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerabi
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the v
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulne
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI. Attackers with regular use
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to ade
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to ade
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17
An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allo
Wazuh is a free and open source platform used for threat prevention, detection, and response. This b
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a f
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5.
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safa
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iO
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS S
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 1
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Process
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that co
Transient DOS while parsing GATT service data when the total amount of memory that is required by th
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product
An improper privilege management vulnerability in a Fortinet FortiOS HA cluster version 7.4.0 throu
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML Ex
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthen
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalat
An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic
An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the s
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to e
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attack
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnera
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows att
An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system unde
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the contex
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authori
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obta
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafte
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results
Discourse is a platform for community discussion. The message serializer uses the full list of expan
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access ad
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in
An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the F
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affe
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected applicati
Authenticated user can execute arbitrary commands in the context of the root user by providing paylo
It is possible to download the configuration backup without authorization and decrypt included passw
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate uploa
The authentication cookies are generated using an algorithm based on the username, hardcoded secret
The 'tokenKey' value used in user authorization is visible in the HTML source of the login page.
Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial
Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_get
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service v
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_des
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulne
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation funct
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SD
An unrestricted php file upload vulnerability exists in the import.json.php temporary copy functional
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo d
KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic
Lif Auth Server is a server for validating logins, managing information, and account recovery for Li
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Co
An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.
Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has
The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypass
SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to su
HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Dis
HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, pot
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attac
In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' pa
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authenticat
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminT
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative us
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative u
Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote att
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Re
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unaut
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Fi
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal du
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fas
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wh
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Securi
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Clea
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection,
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issu
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vu
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reve
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S c
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be mad
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a u
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: f
An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipul
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /prote
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/s
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generatio
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimiza
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects S
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects St
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Cus
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects tea
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. Thi
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Wid
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkou
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Fl
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Boar
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referra
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Fe
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Pl
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer li
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constan
Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer. Thi
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects G
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooComm
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a
Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash a
FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime c
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updat
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, a
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forg
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ
When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into
Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-K
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (n
Any unauthenticated user may send e-mail from the site with any title or content to the admin
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin befor
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileg
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insuff
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() fu
The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) t
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was d
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leak
A flaw was found in CRI-O that involves an experimental annotation leading to a container being unco
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory lis
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author
The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updati
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android tha
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploa
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an autho
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary f
The WP Compress – Image Optimizer plugin for WordPress is vulnerable to Directory Traversal in all
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information,
The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logg
A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by thi
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20
A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012.
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external th
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnera
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critic
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0.
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online P
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted ca
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of servi
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial o
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or craft
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted c
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had c
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to pot
Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to poten
encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vu
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online P
A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by thi
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical.
A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classifi
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects som
A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects
A vulnerability, which was classified as critical, has been found in unknown-o download-station up t
A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected
A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This aff
A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This
A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classifie
A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue aff
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability af
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as pro
Windows HTML Platforms Security Feature Bypass Vulnerability
Microsoft Common Log File System Elevation of Privilege Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Microsoft Message Queuing Denial of Service Vulnerability
.NET Denial of Service Vulnerability
Windows Kerberos Security Feature Bypass Vulnerability
Azure Storage Mover Remote Code Execution Vulnerability
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vu
Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Cryptographic Services Remote Code Execution Vulnerability
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Microsoft AllJoyn API Denial of Service Vulnerability
Windows Libarchive Remote Code Execution Vulnerability
Windows Libarchive Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
.NET Framework Denial of Service Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control C
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Eng
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juni
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-3
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Netw
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on S
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protoc
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (R
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine
Craft is a content management system. This is a potential moderate impact, low complexity privilege
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop app
Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_externa
Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool in
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential d
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publ
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated i
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information
jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technolog
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity ap
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CO
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the produ
Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the produ
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnera
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An at
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remo
Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERN
Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for
Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average,
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command ex