Total
32129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9412 | 1 Google | 1 Android | 2025-03-19 | N/A | 5.5 MEDIUM |
| In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-7974 | 1 Google | 1 Chrome | 2025-03-19 | N/A | 8.8 HIGH |
| Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2023-25765 | 1 Jenkins | 1 Email Extension | 2025-03-19 | N/A | 9.9 CRITICAL |
| In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2024-26809 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path"). | |||||
| CVE-2024-8399 | 1 Mozilla | 1 Firefox Focus | 2025-03-19 | N/A | 4.7 MEDIUM |
| Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. | |||||
| CVE-2024-7531 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-03-19 | N/A | 6.5 MEDIUM |
| Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | |||||
| CVE-2024-7001 | 1 Google | 1 Chrome | 2025-03-19 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-5652 | 1 Docker | 1 Desktop | 2025-03-19 | N/A | 6.1 MEDIUM |
| In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. | |||||
| CVE-2024-42397 | 1 Hp | 1 Instantos | 2025-03-19 | N/A | 5.3 MEDIUM |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |||||
| CVE-2024-42031 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-19 | N/A | 7.5 HIGH |
| Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-23276 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. | |||||
| CVE-2023-40396 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-19 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-30456 | 1 Linux | 1 Linux Kernel | 2025-03-19 | N/A | 6.5 MEDIUM |
| An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | |||||
| CVE-2023-25011 | 1 Nec | 1 Pc Settings Tool | 2025-03-19 | N/A | 7.8 HIGH |
| PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. | |||||
| CVE-2023-23464 | 1 Mediacp | 1 Media Control Panel | 2025-03-19 | N/A | 8.1 HIGH |
| Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure. | |||||
| CVE-2025-1945 | 1 Mmaitre314 | 1 Picklescan | 2025-03-19 | N/A | 9.8 CRITICAL |
| picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load(). This can lead to arbitrary code execution when loading a compromised model. | |||||
| CVE-2025-1944 | 1 Mmaitre314 | 1 Picklescan | 2025-03-19 | N/A | 6.5 MEDIUM |
| picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the model to be loaded, enabling malicious payloads to bypass detection. | |||||
| CVE-2024-54523 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-19 | N/A | 6.3 MEDIUM |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory. | |||||
| CVE-2024-44158 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent. | |||||
| CVE-2024-40767 | 1 Openstack | 1 Nova | 2025-03-19 | N/A | 6.5 MEDIUM |
| In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498. | |||||