Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20934 | 1 Google | 1 Android | 2025-03-21 | N/A | 7.8 HIGH |
|
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042
|
|||||
| CVE-2022-48638 | 1 Linux | 1 Linux Kernel | 2025-03-21 | N/A | 5.3 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
cgroup has to be one kernfs dir, otherwise kernel panic is caused,
especially cgroup id is provide from userspace.
|
|||||
| CVE-2024-30542 | 1 Wpxpo | 1 Wholesalex | 2025-03-21 | N/A | 9.8 CRITICAL |
|
Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.
|
|||||
| CVE-2023-1809 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 7.5 HIGH |
|
The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.
|
|||||
| CVE-2022-20551 | 1 Google | 1 Android | 2025-03-21 | N/A | 6.7 MEDIUM |
|
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549
|
|||||
| CVE-2022-20481 | 1 Google | 1 Android | 2025-03-21 | N/A | 5.5 MEDIUM |
|
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115
|
|||||
| CVE-2022-2362 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 7.5 HIGH |
|
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.
|
|||||
| CVE-2022-3891 | 1 Pixelite | 1 Wp Fullcalendar | 2025-03-21 | N/A | 5.3 MEDIUM |
|
The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones.
|
|||||
| CVE-2021-47197 | 1 Linux | 1 Linux Kernel | 2025-03-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds
to rest of destroy operations. mlx5_core_destroy_cq() could be called again
by user and cause additional call of mlx5_debug_cq_remove().
cq->dbg was not nullify in previous call and cause the crash.
Fix it by nullify cq->dbg pointer after removal.
Also proceed to destroy operations only if FW ret ...
Show More |
|||||
| CVE-2021-47187 | 1 Linux | 1 Linux Kernel | 2025-03-21 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
The entry/exit latency and minimum residency in state for the idle
states of MSM8998 were ..bad: first of all, for all of them the
timings were written for CPU sleep but the min-residency-us param
was miscalculated (supposedly, while porting this from downstream);
Then, the power collapse states are setting PC on both the CPU
cluster *and* the L2 cache, whi ...
Show More |
|||||
| CVE-2024-26940 | 1 Linux | 1 Linux Kernel | 2025-03-20 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the
corresponding ttm_resource_manager is not allocated.
This leads to a crash when trying to read from this file.
Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file
only when the corresponding ttm_resource_manager is allocated.
crash> bt
PID: 3133409 TASK: ffff8fe4834a5000 CP ...
Show More |
|||||
| CVE-2024-8908 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2024-7981 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-42925 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-20 | N/A | 3.3 LOW |
|
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.
|
|||||
| CVE-2023-31346 | 1 Amd | 123 Epyc 7203 Firmware, Epyc 7203p, Epyc 7203p Firmware and 120 more | 2025-03-20 | N/A | 6.0 MEDIUM |
|
Failure to initialize
memory in SEV Firmware may allow a privileged attacker to access stale data
from other guests.
|
|||||
| CVE-2023-0141 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
|
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-41564 | 1 Tibco | 2 Hawk, Operational Intelligence Hawk Redtail | 2025-03-20 | N/A | 6.8 MEDIUM |
|
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.
|
|||||
| CVE-2024-22235 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-03-20 | N/A | 6.7 MEDIUM |
|
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
|
|||||
| CVE-2024-31399 | 1 Cybozu | 1 Garoon | 2025-03-20 | N/A | 6.5 MEDIUM |
|
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
|
|||||
| CVE-2023-25758 | 1 Onekey | 4 Onekey Mini, Onekey Mini Firmware, Onekey Touch and 1 more | 2025-03-20 | N/A | 4.2 MEDIUM |
|
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."
|
|||||
| CVE-2024-3174 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-38970 | 1 Vaethink | 1 Vaethink | 2025-03-20 | N/A | 4.9 MEDIUM |
|
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.
|
|||||
| CVE-2024-26787 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-20 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mmc: mmci: stm32: fix DMA API overlapping mappings warning
Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning:
DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,
overlapping mappings aren't supported
WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568
add_dma_entry+0x234/0x2f4
Modules linked in:
CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1
Hardware name: STMicroelectronics STM32MP257F-EV1 Ev ...
Show More |
|||||
| CVE-2024-5691 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-03-19 | N/A | 4.7 MEDIUM |
|
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
|
|||||
| CVE-2023-50780 | 1 Apache | 1 Activemq Artemis | 2025-03-19 | N/A | 8.8 HIGH |
|
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.
Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.
|
|||||
| CVE-2023-42957 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-19 | N/A | 3.3 LOW |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.
|
|||||
| CVE-2023-28452 | 1 Coredns.io | 1 Coredns | 2025-03-19 | N/A | 7.5 HIGH |
|
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.
|
|||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | N/A | 6.5 MEDIUM |
|
Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.
|
|||||
| CVE-2024-54658 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-19 | N/A | 6.5 MEDIUM |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
|
|||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2025-03-19 | N/A | 5.3 MEDIUM |
|
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.
|
|||||
| CVE-2024-31315 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-20927 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
|
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503
|
|||||
| CVE-2022-42455 | 1 Asus | 1 Armoury Crate | 2025-03-19 | N/A | 7.8 HIGH |
|
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
|
|||||
| CVE-2022-38935 | 1 Niter | 1 Niterforum | 2025-03-19 | N/A | 8.8 HIGH |
|
An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.
|
|||||
| CVE-2018-9412 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
|
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||