Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1026 | 2025-02-05 | N/A | 8.6 HIGH | ||
| Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023). | |||||
| CVE-2024-36482 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 8.2 HIGH |
| Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-50386 | 1 Apache | 1 Cloudstack | 2025-02-04 | N/A | 8.5 HIGH |
| Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done | |||||
| CVE-2024-45761 | 3 Dell, Linux, Microsoft | 3 Openmanage Server Administrator, Linux Kernel, Windows | 2025-02-04 | N/A | 5.4 MEDIUM |
| Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. | |||||
| CVE-2024-25942 | 1 Dell | 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more | 2025-02-04 | N/A | 4.4 MEDIUM |
| Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
| CVE-2024-0161 | 1 Dell | 172 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 169 more | 2025-02-04 | N/A | 7.2 HIGH |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
| CVE-2024-21549 | 2025-02-04 | N/A | 8.6 HIGH | ||
| Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745). | |||||
| CVE-2023-29780 | 1 3reality | 2 3rsb015bz, 3rsb015bz Firmware | 2025-02-04 | N/A | 7.5 HIGH |
| Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | |||||
| CVE-2024-47238 | 1 Dell | 16 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 3001 and 13 more | 2025-02-04 | N/A | 7.5 HIGH |
| Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | |||||
| CVE-2024-21544 | 2025-02-04 | N/A | 8.6 HIGH | ||
| Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server. | |||||
| CVE-2024-4785 | 1 Zephyrproject | 1 Zephyr | 2025-02-03 | N/A | 7.6 HIGH |
| BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero | |||||
| CVE-2022-25273 | 1 Drupal | 1 Drupal | 2025-02-03 | N/A | 7.5 HIGH |
| Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | |||||
| CVE-2024-8798 | 1 Zephyrproject | 1 Zephyr | 2025-02-03 | N/A | 7.5 HIGH |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | |||||
| CVE-2023-30269 | 1 Cltphp | 1 Cltphp | 2025-02-03 | N/A | 8.1 HIGH |
| CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | |||||
| CVE-2025-0974 | 2025-02-03 | 4.6 MEDIUM | 5.0 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-25046 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953. | |||||
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | |||||
| CVE-2023-52296 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547. | |||||
| CVE-2024-2427 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. | |||||
| CVE-2024-2426 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it. | |||||