Total
31401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21102 | 2 Netapp, Oracle | 7 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 4 more | 2025-03-26 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-34738 | 1 Google | 1 Android | 2025-03-26 | 7.7 High |
| In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27913 | 1 Frrouting | 1 Frrouting | 2025-03-26 | 6.2 Medium |
| ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. | ||||
| CVE-2024-20923 | 1 Oracle | 3 Graalvm, Jdk, Jre | 2025-03-26 | 3.1 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2023-52375 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-26 | 5.5 Medium |
| Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-45874 | 1 Couchbase | 1 Couchbase Server | 2025-03-26 | 4.3 Medium |
| An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads). | ||||
| CVE-2023-42920 | 2 Apple, Claris | 3 Macos, Claris Pro, Filemaker Pro | 2025-03-26 | 7.8 High |
| Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. | ||||
| CVE-2023-42873 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-03-26 | 7.8 High |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-42836 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-03-26 | 5.3 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory. | ||||
| CVE-2024-45236 | 2 Fort Validator Project, Nicmx | 2 Fort Validator, Fort-validator | 2025-03-26 | 7.5 High |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | ||||
| CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2025-03-26 | 8.8 High |
| PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | ||||
| CVE-2024-27818 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-03-26 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-23710 | 1 Google | 1 Android | 2025-03-26 | 7.8 High |
| In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-23247 | 1 Apple | 1 Macos | 2025-03-26 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-21082 | 1 Oracle | 1 Bi Publisher | 2025-03-26 | 9.8 Critical |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-21013 | 2 Netapp, Oracle | 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more | 2025-03-26 | 4.4 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2022-32656 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. | ||||
| CVE-2022-32654 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. | ||||
| CVE-2016-0185 | 1 Microsoft | 3 Windows 7, Windows 8.1, Windows Vista | 2025-03-26 | 7.8 High |
| Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability." | ||||
| CVE-2015-6175 | 1 Microsoft | 1 Windows 10 1507 | 2025-03-26 | 7.8 High |
| The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | ||||