Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-5002 2 Fedoraproject, Pgadmin 2 Fedora, Pgadmin 4 2025-03-17 6 Medium
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.
CVE-2024-8909 2 Apple, Google 2 Iphone Os, Chrome 2025-03-17 4.3 Medium
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-21014 1 Oracle 1 Hospitality Simphony 2025-03-17 9.8 Critical
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2024-45230 2 Djangoproject, Redhat 2 Django, Ansible Automation Platform 2025-03-17 7.5 High
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
CVE-2024-21685 1 Atlassian 3 Jira Core, Jira Data Center, Jira Server 2025-03-17 6.5 Medium
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21 Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8 Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0 See the release notes. You can download the latest version of Jira Core Data Center from the download center. This vulnerability was found internally.
CVE-2024-21083 1 Oracle 1 Bi Publisher 2025-03-17 7.2 High
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2024-21010 1 Oracle 1 Hospitality Simphony 2025-03-17 9.9 Critical
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2024-20999 1 Oracle 2 Solaris, Solaris Operating System 2025-03-17 8.2 High
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2023-52360 1 Huawei 2 Emui, Harmonyos 2025-03-17 7.5 High
Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect service integrity.
CVE-2023-5680 2 Isc, Netapp 2 Bind, Active Iq Unified Manager 2025-03-17 5.3 Medium
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
CVE-2024-12602 1 Huawei 1 Harmonyos 2025-03-17 6.2 Medium
Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-57960 1 Huawei 2 Emui, Harmonyos 2025-03-17 7.7 High
Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-29508 1 Artifex 1 Ghostscript 2025-03-17 3.3 Low
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
CVE-2024-57962 1 Huawei 1 Harmonyos 2025-03-17 6.1 Medium
Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-42943 1 Apple 1 Macos 2025-03-15 5.5 Medium
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14. An app may be able to read sensitive location information.
CVE-2024-45506 1 Haproxy 1 Haproxy 2025-03-14 7.5 High
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
CVE-2024-45384 1 Apache 1 Druid 2025-03-14 5.3 Medium
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution.
CVE-2023-7261 1 Google 3 Chrome, Omaha, Updater 2025-03-14 7.3 High
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
CVE-2023-48957 1 Purevpn 1 Purevpn 2025-03-14 5.3 Medium
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
CVE-2024-5836 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-14 8.8 High
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)