Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50431 | 1 Linux | 1 Linux Kernel | 2025-05-30 | N/A | 5.5 MEDIUM |
| sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. | |||||
| CVE-2024-21309 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-05-30 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-39479 | 1 Linux | 1 Linux Kernel | 2025-05-30 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the expectation, on device unbind, is that hwmon will be released before drvdata. However, in i915 there are two separate code paths, which both release either drvdata or hwmon and either can be released before the other. These code paths (for device unbind) are as follows (see also the bug referenced below): Call Trace: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 component_unbind_all+0x8d/0xa0 component_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 device_release_driver_internal+0x19c/0x200 unbind_store+0x9c/0xb0 and Call Trace: release_nodes+0x11/0x70 devres_release_all+0x8a/0xc0 device_unbind_cleanup+0x9/0x70 device_release_driver_internal+0x1c1/0x200 unbind_store+0x9c/0xb0 This means that in i915, if use devm, we cannot gurantee that hwmon will always be released before drvdata. Which means that we have a uaf if hwmon sysfs is accessed when drvdata has been released but hwmon hasn't. The only way out of this seems to be do get rid of devm_ and release/free everything explicitly during device unbind. v2: Change commit message and other minor code changes v3: Cleanup from i915_hwmon_register on error (Armin Wolf) v4: Eliminate potential static analyzer warning (Rodrigo) Eliminate fetch_and_zero (Jani) v5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi) | |||||
| CVE-2022-32810 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-30 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26776 | 1 Apple | 1 Macos | 2025-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 4.6 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | |||||
| CVE-2022-26773 | 1 Apple | 1 Itunes | 2025-05-30 | 5.8 MEDIUM | 7.1 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. | |||||
| CVE-2025-40575 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-05-30 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process. | |||||
| CVE-2024-34009 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 7.5 HIGH |
| Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | |||||
| CVE-2024-33999 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 9.8 CRITICAL |
| The referrer URL used by MFA required additional sanitizing, rather than being used directly. | |||||
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.2 MEDIUM |
| Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | |||||
| CVE-2023-30309 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-30 | N/A | 5.7 MEDIUM |
| An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
| CVE-2023-26099 | 1 Telindus | 1 Apsal | 2025-05-30 | N/A | 4.4 MEDIUM |
| An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. | |||||
| CVE-2022-36442 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | N/A | 5.5 MEDIUM |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK. | |||||
| CVE-2022-36441 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | N/A | 7.1 HIGH |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin. | |||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | |||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | |||||
| CVE-2021-44035 | 1 Wolterskluwer | 1 Teammate Audit Management | 2025-05-30 | 6.8 MEDIUM | 4.4 MEDIUM |
| Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. | |||||
| CVE-2021-42111 | 1 Rcdevs | 1 Openotp Token | 2025-05-30 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code. | |||||
| CVE-2021-42110 | 1 Allegro | 1 Allegro | 2025-05-30 | 6.2 MEDIUM | 7.1 HIGH |
| An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. | |||||