Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20937 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-27 | N/A | 4.3 MEDIUM |
|
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confi ...
Show More |
|||||
| CVE-2024-27437 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable ...
Show More |
|||||
| CVE-2024-28154 | 1 Jenkins | 1 Mq Notifier | 2025-03-27 | N/A | 6.5 MEDIUM |
|
Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.
|
|||||
| CVE-2024-21073 | 1 Oracle | 1 Trade Management | 2025-03-27 | N/A | 7.5 HIGH |
|
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality imp ...
Show More |
|||||
| CVE-2024-21039 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-03-27 | N/A | 6.1 MEDIUM |
|
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Ove ...
Show More |
|||||
| CVE-2024-0022 | 1 Google | 1 Android | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-52359 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | N/A | 7.5 HIGH |
|
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module.
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2022-25967 | 1 Eta.js | 1 Eta | 2025-03-27 | N/A | 8.1 HIGH |
|
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API.
**Note:** This is exploitable only for users who are rendering templates with user-defined data.
|
|||||
| CVE-2021-47201 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
iavf: free q_vectors before queues in iavf_disable_vf
iavf_free_queues() clears adapter->num_active_queues, which
iavf_free_q_vectors() relies on, so swap the order of these two function
calls in iavf_disable_vf(). This resolves a panic encountered when the
interface is disabled and then later brought up again after PF
communication is restored.
|
|||||
| CVE-2024-26820 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER
handler cannot perform VF register successfully as the register call
is received before netvsc_probe is finished. This is because we
register register_netdevice_notifier() very early( even before
vmbus_driver_register()).
To fix this, we try to register each such matching VF( if it is visib ...
Show More |
|||||
| CVE-2024-26818 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tools/rtla: Fix clang warning about mount_point var size
clang is reporting this warning:
$ make HOSTCC=clang CC=clang LLVM_IAS=1
[...]
clang -O -g -DVERSION=\"6.8.0-rc3\" -flto=auto -fexceptions
-fstack-protector-strong -fasynchronous-unwind-tables
-fstack-clash-protection -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c
s ...
Show More |
|||||
| CVE-2021-47215 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix crash in RX resync flow
For the TLS RX resync flow, we maintain a list of TLS contexts
that require some attention, to communicate their resync information
to the HW.
Here we fix list corruptions, by protecting the entries against
movements coming from resync_handle_seq_match(), until their resync
handling in napi is fully completed.
|
|||||
| CVE-2021-47212 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Update error handler for UCTX and UMEM
In the fast unload flow, the device state is set to internal error,
which indicates that the driver started the destroy process.
In this case, when a destroy command is being executed, it should return
MLX5_CMD_STAT_OK.
Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK
instead of EIO.
This fixes a call trace in the umem release process -
[ 2633.536695] Call ...
Show More |
|||||
| CVE-2024-26826 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data re-injection from stale subflow
When the MPTCP PM detects that a subflow is stale, all the packet
scheduler must re-inject all the mptcp-level unacked data. To avoid
acquiring unneeded locks, it first try to check if any unacked data
is present at all in the RTX queue, but such check is currently
broken, as it uses TCP-specific helper on an MPTCP socket.
Funnily enough fuzzers and static checkers are happy, as ...
Show More |
|||||
| CVE-2024-26824 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_hash - Remove bogus SGL free on zero-length error path
When a zero-length message is hashed by algif_hash, and an error
is triggered, it tries to free an SG list that was never allocated
in the first place. Fix this by not freeing the SG list on the
zero-length error path.
|
|||||
| CVE-2024-26823 | 1 Linux | 1 Linux Kernel | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems
While refactoring the way the ITSs are probed, the handling of quirks
applicable to ACPI-based platforms was lost. As a result, systems such as
HIP07 lose their GICv4 functionnality, and some other may even fail to
boot, unless they are configured to boot with DT.
Move the enabling of quirks into its_probe_one(), making it common to all
firmware implementations.
|
|||||
| CVE-2024-25249 | 1 He3app | 1 He3 App | 2025-03-27 | N/A | 9.8 CRITICAL |
|
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
|
|||||
| CVE-2024-23236 | 1 Apple | 1 Macos | 2025-03-27 | N/A | 5.5 MEDIUM |
|
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files.
|
|||||
| CVE-2024-1671 | 1 Google | 1 Chrome | 2025-03-27 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-5692 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-03-27 | N/A | 6.5 MEDIUM |
|
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
|
|||||
| CVE-2024-36735 | 1 Oneflow | 1 Oneflow | 2025-03-27 | N/A | 5.3 MEDIUM |
|
OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.
|
|||||
| CVE-2022-47697 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2025-03-27 | N/A | 9.8 CRITICAL |
|
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.
|
|||||
| CVE-2022-32984 | 1 Btcpayserver | 1 Btcpay Server | 2025-03-27 | N/A | 7.5 HIGH |
|
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.
|
|||||
| CVE-2022-23455 | 1 Hp | 1 Support Assistant | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
|
|||||
| CVE-2021-3809 | 1 Hp | 362 Elite Dragonfly, Elite Dragonfly Firmware, Elite Slice and 359 more | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
|
|||||
| CVE-2021-3808 | 1 Hp | 362 Elite Dragonfly, Elite Dragonfly Firmware, Elite Slice and 359 more | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
|
|||||
| CVE-2021-3439 | 1 Hp | 754 200 G3 All-in-one \(rom Family Ssid 8431\), 200 G3 All-in-one \(rom Family Ssid 8431\) Firmware, 200 G3 All-in-one \(rom Family Ssid 84de\) and 751 more | 2025-03-27 | N/A | 7.8 HIGH |
|
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
|
|||||
| CVE-2024-30233 | 1 Wpxpo | 1 Wholesalex | 2025-03-27 | N/A | 6.5 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.
|
|||||
| CVE-2024-20911 | 1 Oracle | 1 Audit Vault And Database Firewall | 2025-03-27 | N/A | 2.6 LOW |
|
Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional prod ...
Show More |
|||||
| CVE-2024-31004 | 1 Axiosys | 1 Bento4 | 2025-03-27 | N/A | 9.8 CRITICAL |
|
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment.
|
|||||
| CVE-2023-52363 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | N/A | 5.3 MEDIUM |
|
Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.
|
|||||
| CVE-2024-39945 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2025-03-27 | N/A | 4.9 MEDIUM |
|
A vulnerability has been found in Dahua products. After
obtaining the administrator's username and password, the attacker can send a
carefully crafted data packet to the interface with vulnerabilities, causing
the device to crash.
|
|||||
| CVE-2024-31310 | 1 Google | 1 Android | 2025-03-27 | N/A | 7.8 HIGH |
|
In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2024-25063 | 1 Hikvision | 1 Hikcentral Professional | 2025-03-27 | N/A | 7.5 HIGH |
|
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to.
|
|||||
| CVE-2024-21993 | 1 Netapp | 1 Snapcenter | 2025-03-27 | N/A | 5.7 MEDIUM |
|
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability
which could allow an authenticated attacker to discover plaintext
credentials.
|
|||||
| CVE-2024-20986 | 1 Oracle | 1 Weblogic Server | 2025-03-27 | N/A | 6.1 MEDIUM |
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (sco ...
Show More |
|||||
| CVE-2024-0047 | 1 Google | 1 Android | 2025-03-27 | N/A | 5.5 MEDIUM |
|
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-50811 | 1 Seling | 1 Visual Access Manager | 2025-03-27 | N/A | 6.5 MEDIUM |
|
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.
|
|||||
| CVE-2023-26323 | 1 Mi | 1 App Market | 2025-03-27 | N/A | 7.6 HIGH |
|
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
|
|||||
| CVE-2022-27537 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.
|
|||||