Total
470 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44267 | 1 Imagemagick | 1 Imagemagick | 2025-03-26 | 6.5 Medium |
| ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | ||||
| CVE-2025-29313 | 2025-03-25 | 7.5 High | ||
| Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2025-1632 | 1 Libarchive | 1 Libarchive | 2025-03-25 | 3.3 Low |
| A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-24160 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-24 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. | ||||
| CVE-2017-6627 | 1 Cisco | 2 Ios, Ios Xe | 2025-03-21 | 7.5 High |
| A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. | ||||
| CVE-2025-2588 | 2025-03-21 | 3.3 Low | ||
| A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2591 | 2025-03-21 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-29357 | 2025-03-19 | 7.5 High | ||
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2024-9399 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-03-14 | 7.5 High |
| A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. | ||||
| CVE-2024-25087 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-14 | 5.5 Medium |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error. | ||||
| CVE-2024-33844 | 1 Parrot | 1 Anafi Firmware | 2025-03-13 | 7.5 High |
| The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | ||||
| CVE-2024-22105 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-13 | 5.5 Medium |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error. | ||||
| CVE-2024-31611 | 1 Seacms | 1 Seacms | 2025-03-13 | 9.1 Critical |
| SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | ||||
| CVE-2024-21253 | 1 Oracle | 1 Vm Virtualbox | 2025-03-13 | 2.3 Low |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2023-0936 | 1 Tp-link | 1 Archer C50 | 2025-03-12 | 6.5 Medium |
| A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552. | ||||
| CVE-2022-3353 | 1 Hitachienergy | 25 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 22 more | 2025-03-12 | 5.9 Medium |
| A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:* | ||||
| CVE-2025-1150 | 1 Gnu | 1 Binutils | 2025-03-11 | 3.1 Low |
| A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." | ||||
| CVE-2025-2122 | 2025-03-10 | 3.1 Low | ||
| A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46861 | 1 Linux | 1 Linux Kernel | 2025-03-10 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g. bad NCM framing) * Lack of memory None of these should cause the driver to seize up. Make such failures non-critical and continue processing further incoming URBs. | ||||
| CVE-2023-34059 | 3 Debian, Redhat, Vmware | 7 Debian Linux, Enterprise Linux, Rhel Aus and 4 more | 2025-03-06 | 7.4 High |
| open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | ||||