Total
29560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-49591 | 1 Linux | 1 Linux Kernel | 2025-03-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: ksz_common: Fix refcount leak bug In ksz_switch_register(), we should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount. | |||||
| CVE-2021-36934 | 1 Microsoft | 5 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 2 more | 2025-03-07 | 4.6 MEDIUM | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p> | |||||
| CVE-2021-42292 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-03-07 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-2835 | 1 Coredns.io | 1 Coredns | 2025-03-07 | N/A | 4.4 MEDIUM |
| A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc. | |||||
| CVE-2022-49717 | 1 Linux | 1 Linux Kernel | 2025-03-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: Fix refcount leak in build_fiq_affinity of_find_node_by_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. | |||||
| CVE-2022-49718 | 1 Linux | 1 Linux Kernel | 2025-03-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: Fix refcount leak in aic_of_ic_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. | |||||
| CVE-2022-49719 | 1 Linux | 1 Linux Kernel | 2025-03-07 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||
| CVE-2024-36985 | 1 Splunk | 1 Splunk | 2025-03-07 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application. | |||||
| CVE-2022-31177 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-03-07 | N/A | 2.7 LOW |
| Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-24217 | 1 Agilebio | 1 Electronic Lab Notebook | 2025-03-06 | N/A | 8.8 HIGH |
| AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | |||||
| CVE-2022-3854 | 1 Redhat | 1 Ceph Storage | 2025-03-06 | N/A | 6.5 MEDIUM |
| A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | |||||
| CVE-2023-22335 | 1 Dos-osaka | 2 Rakuraku Pc Cloud Agent, Ss1 | 2025-03-06 | N/A | 7.5 HIGH |
| Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | |||||
| CVE-2023-42553 | 1 Samsung | 1 Email | 2025-03-06 | N/A | 4.0 MEDIUM |
| Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | |||||
| CVE-2023-42542 | 1 Samsung | 1 Push Service | 2025-03-06 | N/A | 3.3 LOW |
| Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. | |||||
| CVE-2023-42540 | 1 Samsung | 1 Account | 2025-03-06 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | |||||
| CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-06 | N/A | 7.8 HIGH |
| An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | |||||
| CVE-2024-5431 | 1 Themewinter | 1 Wpcafe | 2025-03-06 | N/A | 8.8 HIGH |
| The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution | |||||
| CVE-2023-20628 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2025-03-05 | N/A | 6.7 MEDIUM |
| In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | |||||