Total
35577 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21176 | 1 Oracle | 1 Mysql Server | 2025-03-25 | 5.3 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-8033 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-25 | 4.3 Medium |
| Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-20990 | 1 Oracle | 2 Applications Technology Stack, E-business Suite Technology Stack | 2025-03-25 | 5.3 Medium |
| Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-45192 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2025-03-25 | 6.5 Medium |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | ||||
| CVE-2022-40480 | 2 Microchip, Nordicsemi | 4 Dt100112, Dt100112 Firmware, Nrf5340-dk and 1 more | 2025-03-25 | 6.5 Medium |
| Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. | ||||
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2025-03-25 | 9.8 Critical |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | ||||
| CVE-2024-32167 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-03-25 | 9.1 Critical |
| Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. | ||||
| CVE-2024-34737 | 1 Google | 1 Android | 2025-03-25 | 7.7 High |
| In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-21115 | 1 Oracle | 1 Vm Virtualbox | 2025-03-25 | 8.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2024-45653 | 1 Ibm | 1 Sterling Connect Direct Web Services | 2025-03-25 | 4.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. | ||||
| CVE-2021-39016 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | 4.3 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722. | ||||
| CVE-2023-0751 | 1 Freebsd | 1 Freebsd | 2025-03-25 | 6.5 Medium |
| When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. | ||||
| CVE-2022-48286 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-30564 | 1 Dahuasecurity | 194 Ipc-hf5241f-ze, Ipc-hf5241f-ze Firmware, Ipc-hf5442f-ze and 191 more | 2025-03-25 | 5.3 Medium |
| Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. | ||||
| CVE-2023-25396 | 1 Caphyon | 1 Advanced Installer | 2025-03-25 | 7.8 High |
| Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. | ||||
| CVE-2022-42436 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2025-03-25 | 4 Medium |
| IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | ||||
| CVE-2023-28207 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data. | ||||
| CVE-2024-42398 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-03-24 | 5.3 Medium |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | ||||
| CVE-2022-48290 | 1 Huawei | 1 Harmonyos | 2025-03-24 | 9.1 Critical |
| The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | ||||
| CVE-2022-48287 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. | ||||