Total: 29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1825 | 1 Gitlab | 1 Gitlab | 2025-03-20 | N/A | 3.1 LOW |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. | |||||
| CVE-2023-2485 | 1 Gitlab | 1 Gitlab | 2025-03-20 | N/A | 4.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. | |||||
| CVE-2024-32912 | 1 Google | 1 Android | 2025-03-20 | N/A | 5.5 MEDIUM |
| There is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-41243 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-19 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. | |||||
| CVE-2023-23461 | 1 Libpeconv Project | 1 Libpeconv | 2025-03-19 | N/A | 9.8 CRITICAL |
| Libpeconv – access violation, before commit b076013 (30/11/2022). | |||||
| CVE-2022-46892 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2025-03-19 | N/A | 9.8 CRITICAL |
| In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex. | |||||
| CVE-2021-3172 | 1 Php-fusion | 1 Php-fusion | 2025-03-19 | N/A | 8.1 HIGH |
| An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | |||||
| CVE-2020-36780 | 1 Linux | 1 Linux Kernel | 2025-03-19 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in sprd_i2c_master_xfer() and sprd_i2c_remove(). However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. | |||||
| CVE-2025-26473 | 1 Outbackpower | 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware | 2025-03-19 | N/A | 7.5 HIGH |
| The Mojave Inverter uses the GET method for sensitive information. | |||||
| CVE-2023-2019 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-03-18 | N/A | 4.4 MEDIUM |
| A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. | |||||
| CVE-2023-24484 | 1 Citrix | 1 Workspace | 2025-03-18 | N/A | 5.5 MEDIUM |
| A malicious user can cause log files to be written to a directory that they do not have permission to write to. | |||||
| CVE-2023-0482 | 2 Netapp, Redhat | 3 Active Iq Unified Manager, Oncommand Workflow Automation, Resteasy | 2025-03-18 | N/A | 5.5 MEDIUM |
| In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | |||||
| CVE-2023-24320 | 1 Axcora | 1 Axcora | 2025-03-18 | N/A | 9.8 CRITICAL |
| An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-23240 | 1 Netapp | 1 Active Iq Unified Manager | 2025-03-18 | N/A | 6.5 MEDIUM |
| Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. | |||||
| CVE-2023-0951 | 1 Devolutions | 1 Devolutions Server | 2025-03-17 | N/A | 8.8 HIGH |
| Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | |||||
| CVE-2023-6080 | 1 Lakesidesoftware | 1 Systrack Lsiagent | 2025-03-17 | N/A | 7.8 HIGH |
| Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access. | |||||
| CVE-2024-7267 | 1 Nask | 1 Ezd Rp | 2025-03-17 | N/A | 6.5 MEDIUM |
| Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6 | |||||
| CVE-2021-46989 | 1 Linux | 1 Linux Kernel | 2025-03-14 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 ("hfsplus: avoid deadlock on file truncation") HFS+ has extent records which always contains 8 extents. In case the first extent record in catalog file gets full, new ones are allocated from extents overflow file. In case shrinking truncate happens to middle of an extent record which locates in extents overflow file, the logic in hfsplus_file_truncate() was changed so that call to hfs_brec_remove() is not guarded any more. Right action would be just freeing the extents that exceed the new size inside extent record by calling hfsplus_free_extents(), and then check if the whole extent record should be removed. However since the guard (blk_cnt > start) is now after the call to hfs_brec_remove(), this has unfortunate effect that the last matching extent record is removed unconditionally. To reproduce this issue, create a file which has at least 10 extents, and then perform shrinking truncate into middle of the last extent record, so that the number of remaining extents is not under or divisible by 8. This causes the last extent record (8 extents) to be removed totally instead of truncating into middle of it. Thus this causes corruption, and lost data. Fix for this is simply checking if the new truncated end is below the start of this extent record, making it safe to remove the full extent record. However call to hfs_brec_remove() can't be moved to its previous place since we're dropping ->tree_lock and it can cause a race condition and the cached info being invalidated possibly corrupting the node data. Another issue is related to this one. When entering into the block (blk_cnt > start) we are not holding the ->tree_lock. We break out from the loop not holding the lock, but hfs_find_exit() does unlock it. Not sure if it's possible for someone else to take the lock under our feet, but it can cause hard to debug errors and premature unlocking. Even if there's no real risk of it, the locking should still always be kept in balance. Thus taking the lock now just before the check. | |||||
| CVE-2024-7523 | 1 Mozilla | 1 Firefox | 2025-03-14 | N/A | 8.1 HIGH |
| A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129. | |||||
| CVE-2024-41250 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-14 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | |||||
