Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44178 | 1 Apple | 1 Macos | 2025-03-15 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-31324 | 1 Google | 1 Android | 2025-03-15 | 7.8 High |
| In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-27859 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-15 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2024-24416 | 1 Linuxfoundation | 1 Magma | 2025-03-15 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2023-42943 | 1 Apple | 1 Macos | 2025-03-15 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14. An app may be able to read sensitive location information. | ||||
| CVE-2018-9384 | 2025-03-15 | 4.4 Medium | ||
| In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-2333 | 2025-03-15 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-1391 | 1 Redhat | 1 Build Keycloak | 2025-03-15 | 5.4 Medium |
| A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges. | ||||
| CVE-2025-1247 | 1 Redhat | 2 Camel Quarkus, Quarkus | 2025-03-15 | 8.3 High |
| A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information. | ||||
| CVE-2025-1244 | 1 Redhat | 7 Enterprise Linux, Openshift Builds, Rhel Aus and 4 more | 2025-03-15 | 8.8 High |
| A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. | ||||
| CVE-2023-5215 | 1 Redhat | 3 Advanced Virtualization, Enterprise Linux, Libnbd | 2025-03-15 | 5.3 Medium |
| A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly. | ||||
| CVE-2025-0754 | 1 Redhat | 1 Service Mesh | 2025-03-15 | 4.3 Medium |
| The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to log injection and spoofing attacks. Such injections can mislead logging mechanisms, enabling attackers to manipulate log entries or execute reflected cross-site scripting (XSS) attacks. | ||||
| CVE-2025-0752 | 1 Redhat | 1 Service Mesh | 2025-03-15 | 6.3 Medium |
| A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy. | ||||
| CVE-2025-0750 | 1 Redhat | 1 Openshift | 2025-03-15 | 6.6 Medium |
| A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. | ||||
| CVE-2024-12401 | 1 Redhat | 8 Cert Manager, Cryostat, Hybrid Cloud Gateway and 5 more | 2025-03-15 | 4.4 Medium |
| A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. | ||||
| CVE-2024-4028 | 1 Redhat | 2 Build Keycloak, Red Hat Single Sign On | 2025-03-15 | 3.8 Low |
| A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack. | ||||
| CVE-2024-1726 | 1 Redhat | 1 Quarkus | 2025-03-15 | 5.3 Medium |
| A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. | ||||
| CVE-2024-1722 | 1 Redhat | 3 Build Keycloak, Keycloak, Red Hat Single Sign On | 2025-03-15 | 3.7 Low |
| A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in. | ||||
| CVE-2023-6841 | 1 Redhat | 7 Jboss Enterprise Bpms Platform, Jboss Fuse, Keycloak and 4 more | 2025-03-15 | 7.5 High |
| A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. | ||||
| CVE-2024-46662 | 1 Fortinet | 1 Fortimanager | 2025-03-15 | 8.3 High |
| A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets | ||||