Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4206 | 1 Gitlab | 1 Dast Api Scanner | 2025-03-27 | N/A | 6.5 MEDIUM |
| A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | |||||
| CVE-2023-42853 | 1 Apple | 1 Macos | 2025-03-27 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data. | |||||
| CVE-2024-20943 | 1 Oracle | 1 Knowledge Management | 2025-03-27 | N/A | N/A |
| Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-1549 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-03-27 | N/A | N/A |
| If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | |||||
| CVE-2024-1548 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-03-27 | N/A | N/A |
| A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | |||||
| CVE-2023-29552 | 4 Netapp, Service Location Protocol Project, Suse and 1 more | 5 Smi-s Provider, Service Location Protocol, Linux Enterprise Server and 2 more | 2025-03-27 | N/A | 7.5 HIGH |
| The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | |||||
| CVE-2024-20923 | 1 Oracle | 3 Graalvm, Jdk, Jre | 2025-03-26 | N/A | N/A |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2024-27913 | 1 Frrouting | 1 Frrouting | 2025-03-26 | N/A | 6.5 MEDIUM |
| ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. | |||||
| CVE-2023-42836 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-03-26 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory. | |||||
| CVE-2023-42873 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-45874 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | N/A | 4.3 MEDIUM |
| An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads). | |||||
| CVE-2024-34738 | 1 Google | 1 Android | 2025-03-26 | N/A | 7.8 HIGH |
| In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-42920 | 2 Apple, Claris | 3 Macos, Claris Pro, Filemaker Pro | 2025-03-26 | N/A | 7.8 HIGH |
| Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. | |||||
| CVE-2023-52375 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-26 | N/A | 7.5 HIGH |
| Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2025-03-26 | N/A | 8.8 HIGH |
| PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | |||||
| CVE-2024-23247 | 1 Apple | 1 Macos | 2025-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2024-27818 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2024-45236 | 1 Nicmx | 1 Fort-validator | 2025-03-26 | N/A | 7.5 HIGH |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||
| CVE-2024-21082 | 1 Oracle | 1 Bi Publisher | 2025-03-26 | N/A | N/A |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-32656 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. | |||||