Total
29599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9804 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." | |||||
| CVE-2016-9389 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | |||||
| CVE-2016-6875 | 1 Facebook | 1 Hhvm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-9392 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
| CVE-2017-2415 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." | |||||
| CVE-2016-8779 | 1 Huawei | 1 Fusionaccess | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. | |||||
| CVE-2016-7478 | 1 Php | 1 Php | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | |||||
| CVE-2015-8158 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. | |||||
| CVE-2015-7825 | 1 Botan Project | 1 Botan | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | |||||
| CVE-2016-9334 | 1 Rockwellautomation | 20 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.3 HIGH |
| An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | |||||
| CVE-2017-7273 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.6 MEDIUM | 6.6 MEDIUM |
| The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. | |||||
| CVE-2017-2383 | 1 Apple | 2 Icloud, Itunes | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate. | |||||
| CVE-2016-2336 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. | |||||
| CVE-2016-6874 | 1 Facebook | 1 Hhvm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. | |||||
| CVE-2022-20550 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514 | |||||
| CVE-2022-20515 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
| In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496 | |||||
| CVE-2022-31708 | 1 Vmware | 1 Vrealize Operations | 2025-04-18 | N/A | 4.9 MEDIUM |
| vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | |||||
| CVE-2025-24367 | 1 Cacti | 1 Cacti | 2025-04-18 | N/A | 8.8 HIGH |
| Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. | |||||
| CVE-2022-49389 | 1 Linux | 1 Linux Kernel | 2025-04-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review. | |||||
| CVE-2022-49386 | 1 Linux | 1 Linux Kernel | 2025-04-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. am65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don't release the refcount in error case. Add missing of_node_put() to avoid refcount leak. | |||||