Total
12087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-52616 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-10 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately. | ||||
| CVE-2025-27253 | 2025-03-10 | 6.1 Medium | ||
| An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that enstablishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network | ||||
| CVE-2023-27373 | 1 Insyde | 1 Insydeh2o | 2025-03-07 | 5.5 Medium |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. | ||||
| CVE-2022-3294 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-03-07 | 6.6 Medium |
| Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network. | ||||
| CVE-2021-36402 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | ||||
| CVE-2009-0927 | 2 Adobe, Redhat | 2 Acrobat Reader, Rhel Extras | 2025-03-07 | 8.8 High |
| Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. | ||||
| CVE-2024-53031 | 1 Qualcomm | 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more | 2025-03-07 | 7.8 High |
| Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine. | ||||
| CVE-2024-53030 | 1 Qualcomm | 88 Msm8996au, Msm8996au Firmware, Qam8255p and 85 more | 2025-03-07 | 7.8 High |
| Memory corruption while processing input message passed from FE driver. | ||||
| CVE-2025-2043 | 2025-03-06 | 4.7 Medium | ||
| A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /admin#themes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3075 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-06 | 9.6 Critical |
| Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2020-5002 | 1 Ibm | 1 Financial Transaction Manager | 2025-03-06 | 4.3 Medium |
| IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. | ||||
| CVE-2023-20644 | 2 Google, Mediatek | 33 Android, Mt6580, Mt6739 and 30 more | 2025-03-06 | 4.4 Medium |
| In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. | ||||
| CVE-2023-20643 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584. | ||||
| CVE-2023-20642 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586. | ||||
| CVE-2023-20641 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6895 and 4 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574. | ||||
| CVE-2023-20640 | 2 Google, Mediatek | 7 Android, Mt6879, Mt6895 and 4 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573. | ||||
| CVE-2023-20639 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587. | ||||
| CVE-2023-20638 | 2 Google, Mediatek | 38 Android, Mt6739, Mt6753 and 35 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537. | ||||
| CVE-2023-20637 | 2 Google, Mediatek | 14 Android, Mt6879, Mt6895 and 11 more | 2025-03-06 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. | ||||
| CVE-2023-20636 | 2 Google, Mediatek | 5 Android, Mt6895, Mt6985 and 2 more | 2025-03-06 | 6.7 Medium |
| In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. | ||||