Total
359 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29728 | 1 Applika | 1 Call Blocker | 2025-01-13 | N/A | 9.8 CRITICAL |
| The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. | |||||
| CVE-2023-28349 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | N/A | 8.8 HIGH |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution. | |||||
| CVE-2023-30196 | 1 Webbax | 1 Salesbooster | 2025-01-13 | N/A | 7.5 HIGH |
| Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. | |||||
| CVE-2023-29745 | 1 Bestweather Project | 1 Bestweather | 2025-01-13 | N/A | 7.1 HIGH |
| An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | |||||
| CVE-2023-29743 | 1 Bestweather Project | 1 Bestweather | 2025-01-13 | N/A | 7.5 HIGH |
| An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | |||||
| CVE-2023-33740 | 2 Google, Luowice | 2 Android, Luowice | 2025-01-13 | N/A | 7.5 HIGH |
| Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. | |||||
| CVE-2024-51072 | 2025-01-10 | N/A | 5.3 MEDIUM | ||
| An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (an isolated ECU part that was not in a vehicle), and because the ECUReset specification does not allow a manufacturer to require SecurityAccess and Authentication. | |||||
| CVE-2023-27745 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2025-01-09 | N/A | 8.8 HIGH |
| An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. | |||||
| CVE-2023-28164 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-09 | N/A | 6.5 MEDIUM |
| Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | |||||
| CVE-2023-2589 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 5.9 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group. | |||||
| CVE-2023-33443 | 1 Besder | 2 Bes--6024pb-i50h1, Videoplaytool | 2025-01-06 | N/A | 9.8 CRITICAL |
| Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints. | |||||
| CVE-2023-29751 | 1 Yandex | 1 Navigator | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | |||||
| CVE-2023-29756 | 1 Urbanandroid | 1 Twilight | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | |||||
| CVE-2023-29753 | 1 Ekatox | 1 Facemoji\ | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. | |||||
| CVE-2023-27360 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
| NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398. | |||||
| CVE-2024-55917 | 2024-12-31 | N/A | 7.8 HIGH | ||
| An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-21505 | 2024-12-27 | N/A | 6.7 MEDIUM | ||
| In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-44212 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2024-12-20 | N/A | 5.3 MEDIUM |
| A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin. | |||||
| CVE-2022-32144 | 2024-12-20 | N/A | 8.6 HIGH | ||
| There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | |||||
| CVE-2024-54490 | 1 Apple | 1 Macos | 2024-12-19 | N/A | 5.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items. | |||||