Total
35574 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20584 | 2 Amd, Redhat | 135 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 132 more | 2024-12-12 | 5.3 Medium |
| IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | ||||
| CVE-2023-20510 | 1 Amd | 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more | 2024-12-12 | 4.7 Medium |
| An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. | ||||
| CVE-2024-54117 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-54111 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 5.7 Medium |
| Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-54104 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-3441 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 6.6 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. | ||||
| CVE-2024-5005 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 4.3 Medium |
| An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API. | ||||
| CVE-2023-29711 | 1 Interlink | 2 Psg-5124, Psg-5124 Firmware | 2024-12-12 | 9.8 Critical |
| An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. | ||||
| CVE-2024-32049 | 1 F5 | 1 Big-ip Next Central Manager | 2024-12-12 | 7.4 High |
| BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-43052 | 1 Qualcomm | 185 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 182 more | 2024-12-12 | 7.8 High |
| Memory corruption while processing API calls to NPU with invalid input. | ||||
| CVE-2023-32438 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-12-12 | 5.5 Medium |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. | ||||
| CVE-2023-38136 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-12-12 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-38261 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-12 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-28208 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-12 | 4.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM. | ||||
| CVE-2024-12355 | 1 Razormist | 1 Phone Contact Manager System | 2024-12-12 | 3.3 Low |
| A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12353 | 1 Razormist | 1 Phone Contact Manager System | 2024-12-12 | 3.3 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-35846 | 1 Virtualsquare | 1 Picotcp | 2024-12-12 | 7.5 High |
| VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. | ||||
| CVE-2023-34642 | 1 Kioware | 1 Kioware | 2024-12-12 | 7.8 High |
| KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt. | ||||
| CVE-2023-34641 | 1 Kioware | 1 Kioware | 2024-12-12 | 7.8 High |
| KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt. | ||||
| CVE-2023-34162 | 1 Huawei | 1 Emui | 2024-12-12 | 7.5 High |
| Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. | ||||