Export limit exceeded: 35577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45003 | 1 Getgophish | 1 Gophish | 2025-02-25 | 7.5 High |
| Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | ||||
| CVE-2023-28758 | 1 Veritas | 1 Netbackup | 2025-02-25 | 7.1 High |
| An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | ||||
| CVE-2024-2424 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2025-02-25 | 7.5 High |
| An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. | ||||
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2025-02-25 | 9.8 Critical |
| Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2023-20962 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210 | ||||
| CVE-2023-20559 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2025-02-25 | 8.8 High |
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | ||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2025-02-25 | 5.7 Medium |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | ||||
| CVE-2023-21027 | 1 Google | 1 Android | 2025-02-25 | 7.5 High |
| In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451 | ||||
| CVE-2023-21026 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548 | ||||
| CVE-2023-21024 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238 | ||||
| CVE-2023-20971 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-20861 | 2 Redhat, Vmware | 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more | 2025-02-25 | 6.5 Medium |
| In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
| CVE-2022-28492 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-02-25 | 9.8 Critical |
| TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login. | ||||
| CVE-2022-28493 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-02-25 | 9.8 Critical |
| A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, | ||||
| CVE-2023-21040 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A | ||||
| CVE-2023-21036 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A | ||||
| CVE-2023-20995 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279 | ||||
| CVE-2022-42528 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242203672References: N/A | ||||
| CVE-2023-25169 | 1 Discourse | 1 Discourse Yearly Review | 2025-02-25 | 3.1 Low |
| discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. | ||||
| CVE-2023-26054 | 2 Mobyproject, Redhat | 3 Buildkit, Openshift, Service Mesh | 2025-02-25 | 6.5 Medium |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`. | ||||