Total
32218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21361 | 1 Microsoft | 2 Office, Outlook | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-21409 | 1 Microsoft | 16 .net, .net Framework, Powershell and 13 more | 2025-01-17 | N/A | 7.3 HIGH |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-28390 | 1 Icom | 4 Sr-7100vn, Sr-7100vn\#31, Sr-7100vn\#31 Firmware and 1 more | 2025-01-17 | N/A | 6.8 MEDIUM |
| Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. | |||||
| CVE-2023-52712 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | N/A | 7.8 HIGH |
| Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM | |||||
| CVE-2024-54101 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-17 | N/A | 6.2 MEDIUM |
| Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | N/A | 9.9 CRITICAL |
| Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. | |||||
| CVE-2023-31994 | 1 Hanwhavision | 860 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 857 more | 2025-01-17 | N/A | 5.3 MEDIUM |
| Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. | |||||
| CVE-2024-1638 | 1 Zephyrproject | 1 Zephyr | 2025-01-17 | N/A | 8.2 HIGH |
| The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read. | |||||
| CVE-2023-28015 | 1 Hcl | 1 Domino Appdev Pack | 2025-01-17 | N/A | 5.3 MEDIUM |
| The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | |||||
| CVE-2022-24806 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 15 Debian Linux, Fedora, Net-snmp and 12 more | 2025-01-17 | N/A | 6.5 MEDIUM |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | |||||
| CVE-2024-30055 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-29991 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 5.0 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2024-29987 | 1 Microsoft | 1 Edge Chromium | 2025-01-17 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-29986 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2025-01-17 | N/A | 5.4 MEDIUM |
| Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2025-21405 | 1 Microsoft | 1 Visual Studio 2022 | 2025-01-17 | N/A | 7.3 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2025-21393 | 1 Microsoft | 1 Sharepoint Server | 2025-01-17 | N/A | 6.3 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2025-21389 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-17 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2025-21378 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-17 | N/A | 7.8 HIGH |
| Windows CSC Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-21382 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-17 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2024-28235 | 1 Contao | 1 Contao | 2025-01-17 | N/A | 8.3 HIGH |
| Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | |||||