Total: 35577 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21261 | 1 Oracle | 1 Application Express | 2025-02-10 | 4.9 Medium |
| Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-21286 | 1 Oracle | 2 Peoplesoft Enterprise, Peoplesoft Enterprise Elm Enterprise Learning Management | 2025-02-10 | 5.4 Medium |
| Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-20881 | 1 Samsung | 1 Android | 2025-02-10 | 6.4 Medium |
| Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers to cause potential arbitrary code execution. | ||||
| CVE-2024-20879 | 1 Samsung | 1 Android | 2025-02-10 | 4 Medium |
| Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory. | ||||
| CVE-2023-27645 | 1 Powerampapp | 1 Poweramp | 2025-02-10 | 9.8 Critical |
| An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. | ||||
| CVE-2022-3375 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when an attacker has a fork of a project that was switched to private. | ||||
| CVE-2024-20835 | 1 Samsung | 1 Android | 2025-02-10 | 4 Medium |
| Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors. | ||||
| CVE-2024-20834 | 1 Samsung | 1 Android | 2025-02-10 | 3.3 Low |
| The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission. | ||||
| CVE-2024-20875 | 1 Samsung | 1 Android | 2025-02-10 | 4 Medium |
| Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files. | ||||
| CVE-2024-20876 | 1 Samsung | 1 Android | 2025-02-10 | 6.1 Medium |
| Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to cause memory corruption. | ||||
| CVE-2024-20874 | 1 Samsung | 1 Android | 2025-02-10 | 7.9 High |
| Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2024-20866 | 1 Samsung | 1 Android | 2025-02-10 | 5.7 Medium |
| Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. | ||||
| CVE-2024-20865 | 1 Samsung | 1 Android | 2025-02-10 | 6.6 Medium |
| Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. | ||||
| CVE-2023-27496 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2025-02-10 | 6.5 Medium |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). | ||||
| CVE-2024-20859 | 1 Samsung | 1 Android | 2025-02-10 | 5.5 Medium |
| Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. | ||||
| CVE-2023-28368 | 1 Tp-link | 2 T2600g-28sq, T2600g-28sq Firmware | 2025-02-10 | 5.7 Medium |
| TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' use vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key. If the administrator is tricked into logging in to the fake device, the credential information for the affected device may be obtained. | ||||
| CVE-2023-1787 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. | ||||
| CVE-2023-1733 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.8 Medium |
| A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. | ||||
| CVE-2023-1710 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.3 Medium |
| A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. | ||||
| CVE-2023-1098 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.8 Medium |
| An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It allows an admin to leak the password from the repository mirror configuration. | ||||