Total
183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48298 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
| The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||||
| CVE-2022-48297 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
| The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||||
| CVE-2022-3411 | 1 Gitlab | 1 Gitlab | 2025-03-21 | N/A | 6.5 MEDIUM |
| A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | |||||
| CVE-2024-27362 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-20 | N/A | 4.4 MEDIUM |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure. | |||||
| CVE-2022-20699 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2025-03-13 | 10.0 HIGH | 10.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2024-8000 | 2025-03-04 | N/A | 5.3 MEDIUM | ||
| On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug. | |||||
| CVE-2023-34188 | 1 Cesanta | 1 Mongoose | 2025-02-28 | N/A | 7.5 HIGH |
| The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests. | |||||
| CVE-2024-53879 | 2025-02-25 | N/A | 2.8 LOW | ||
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. | |||||
| CVE-2024-53878 | 2025-02-25 | N/A | 2.8 LOW | ||
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. | |||||
| CVE-2024-7316 | 2025-02-21 | N/A | 5.9 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. | |||||
| CVE-2023-20508 | 2025-02-12 | N/A | 5.0 MEDIUM | ||
| Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability. | |||||
| CVE-2023-31331 | 2025-02-11 | N/A | 3.0 LOW | ||
| Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability. | |||||
| CVE-2023-20582 | 2025-02-11 | N/A | 5.3 MEDIUM | ||
| Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | |||||
| CVE-2023-20581 | 2025-02-11 | N/A | 2.5 LOW | ||
| Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity. | |||||
| CVE-2023-20515 | 2025-02-11 | N/A | 5.7 MEDIUM | ||
| Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability. | |||||
| CVE-2025-24100 | 1 Apple | 1 Macos | 2025-02-05 | N/A | 3.3 LOW |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access information about a user's contacts. | |||||
| CVE-2023-30269 | 1 Cltphp | 1 Cltphp | 2025-02-03 | N/A | 8.1 HIGH |
| CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | |||||
| CVE-2023-21111 | 1 Google | 1 Android | 2025-01-31 | N/A | 5.5 MEDIUM |
| In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769 | |||||
| CVE-2022-26047 | 1 Intel | 352 Converged Security And Manageability Engine, Core I3-1000g1 Firmware, Core I3-1000g4 Firmware and 349 more | 2025-01-29 | N/A | 4.3 MEDIUM |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-27961 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-01-29 | N/A | 5.5 MEDIUM |
| Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. | |||||