CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2014-9196 Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remo... | N/A | NONE | — | 0 |
| CVE-2021-34185 Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h | 7.8 | HIGH | — | 0 |
| CVE-2015-8095 The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an u... | N/A | NONE | — | 0 |
| CVE-2015-3418 The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutIm... | N/A | NONE | — | 0 |
| CVE-2015-7313 LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. | 5.5 | MEDIUM | — | 0 |
| CVE-2017-10971 In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of ... | N/A | NONE | — | 0 |
| CVE-2017-10972 Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server... | N/A | NONE | — | 0 |
| CVE-2017-13721 In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memo... | N/A | NONE | — | 0 |
| CVE-2017-13723 In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problem... | N/A | NONE | — | 0 |
| CVE-2017-3892 In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to... | 3.8 | LOW | — | 0 |
| CVE-2017-9369 In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to ga... | 3.8 | LOW | — | 0 |
| CVE-2017-1000190 SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. | 9.1 | CRITICAL | — | 0 |
| CVE-2017-12180 xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-17485 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploita... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-12176 xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12177 xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12178 xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12179 xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12181 xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12182 xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12183 xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12184 xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2018-10631 The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modi... | 6.3 | MEDIUM | — | 0 |
| CVE-2017-12185 xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12186 xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-12187 xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2018-1274 Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated re... | 7.5 | HIGH | — | 0 |
| CVE-2021-32024 A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-2624 It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xor... | N/A | NONE | — | 0 |
| CVE-2018-18307 A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used ... | N/A | NONE | — | 0 |
| CVE-2018-18434 An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component. | N/A | NONE | — | 0 |
| CVE-2018-14665 A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in ... | N/A | NONE | — | 0 |
| CVE-2019-5312 An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CV... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-1761 A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-51516 Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally. | 6.2 | MEDIUM | — | 0 |
| CVE-2019-5427 c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | 7.5 | HIGH | — | 0 |
| CVE-2018-20655 When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-6339 When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocat... | N/A | NONE | — | 0 |
| CVE-2018-6349 When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.24... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-6350 An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18... | N/A | NONE | — | 0 |
| CVE-2024-50947 An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 7.5 | HIGH | — | 0 |
| CVE-2019-12814 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON en... | 5.9 | MEDIUM | — | 0 |
| CVE-2019-11272 Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security... | 7.3 | HIGH | — | 0 |
| CVE-2020-14061 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnection... | 8.1 | HIGH | — | 0 |
| CVE-2020-14347 A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could re... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2020-14346 A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat f... | 7.8 | HIGH | — | 0 |
| CVE-2020-14361 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vuln... | 7.8 | HIGH | — | 0 |
| CVE-2020-14362 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vuln... | 7.8 | HIGH | — | 0 |
| CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.