Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42925 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-20 | N/A | 3.3 LOW |
| The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments. | |||||
| CVE-2023-0141 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-22235 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-03-20 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||||
| CVE-2011-0187 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-03-20 | 4.3 MEDIUM | N/A |
| The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. | |||||
| CVE-2024-31399 | 1 Cybozu | 1 Garoon | 2025-03-20 | N/A | 6.5 MEDIUM |
| Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. | |||||
| CVE-2023-25758 | 1 Onekey | 4 Onekey Mini, Onekey Mini Firmware, Onekey Touch and 1 more | 2025-03-20 | N/A | 4.2 MEDIUM |
| Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected." | |||||
| CVE-2024-27860 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | |||||
| CVE-2024-38970 | 1 Vaethink | 1 Vaethink | 2025-03-20 | N/A | 4.9 MEDIUM |
| vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. | |||||
| CVE-2024-3174 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-40804 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious application may be able to access private information. | |||||
| CVE-2024-44181 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
| An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information. | |||||
| CVE-2024-44139 | 1 Apple | 2 Ipad Os, Iphone Os | 2025-03-20 | N/A | 2.4 LOW |
| The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | |||||
| CVE-2024-40843 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-52340 | 1 Linux | 1 Linux Kernel | 2025-03-20 | N/A | 7.5 HIGH |
| The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. | |||||
| CVE-2024-26787 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-20 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. | |||||
| CVE-2024-5691 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-03-19 | N/A | 4.7 MEDIUM |
| By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2023-50780 | 1 Apache | 1 Activemq Artemis | 2025-03-19 | N/A | 8.8 HIGH |
| Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | |||||
| CVE-2023-28452 | 1 Coredns.io | 1 Coredns | 2025-03-19 | N/A | 7.5 HIGH |
| An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID. | |||||
| CVE-2023-42957 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-19 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information. | |||||