Total
32129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5691 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-03-19 | N/A | 4.7 MEDIUM |
| By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2023-50780 | 1 Apache | 1 Activemq Artemis | 2025-03-19 | N/A | 8.8 HIGH |
| Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | |||||
| CVE-2023-42957 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-19 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information. | |||||
| CVE-2023-28452 | 1 Coredns.io | 1 Coredns | 2025-03-19 | N/A | 7.5 HIGH |
| An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID. | |||||
| CVE-2024-40786 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-19 | N/A | 7.5 HIGH |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information. | |||||
| CVE-2023-42962 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-19 | N/A | 7.5 HIGH |
| This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service. | |||||
| CVE-2023-23458 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | N/A | 6.5 MEDIUM |
| Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. | |||||
| CVE-2024-44162 | 1 Apple | 1 Xcode | 2025-03-19 | N/A | 7.8 HIGH |
| This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. | |||||
| CVE-2024-44135 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. | |||||
| CVE-2023-42928 | 1 Apple | 2 Ipad Os, Iphone Os | 2025-03-19 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges. | |||||
| CVE-2025-24124 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-19 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. | |||||
| CVE-2024-54658 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-19 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. | |||||
| CVE-2024-40852 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-19 | N/A | 5.3 MEDIUM |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access. | |||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2025-03-19 | N/A | 5.3 MEDIUM |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. | |||||
| CVE-2024-31315 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
| In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-27861 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | |||||
| CVE-2024-0034 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
| In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20927 | 1 Google | 1 Android | 2025-03-19 | N/A | 7.8 HIGH |
| In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503 | |||||
| CVE-2022-42455 | 1 Asus | 1 Armoury Crate | 2025-03-19 | N/A | 7.8 HIGH |
| ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. | |||||
| CVE-2022-38935 | 1 Niter | 1 Niterforum | 2025-03-19 | N/A | 8.8 HIGH |
| An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges. | |||||