Total
28770 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27279 | 1 Ibm | 1 Aspera Faspex | 2024-06-04 | 6.5 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533. | ||||
| CVE-2023-2861 | 1 Qemu | 1 Qemu | 2024-06-04 | 7.1 High |
| A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | ||||
| CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2024-06-04 | 6.8 Medium |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||
| CVE-2022-34381 | 1 Dell | 2 Bsafe Crypto-j, Bsafe Ssl-j | 2024-06-04 | 9.8 Critical |
| Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2019-20923 | 1 Mongodb | 1 Mongodb | 2024-06-04 | 6.5 Medium |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7. | ||||
| CVE-2024-0408 | 4 Fedoraproject, Redhat, Tigervnc and 1 more | 12 Fedora, Enterprise Linux, Enterprise Linux Desktop and 9 more | 2024-05-29 | 5.5 Medium |
| A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. | ||||
| CVE-2023-7008 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-05-29 | 5.9 Medium |
| A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | ||||
| CVE-2021-42292 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-05-29 | 7.8 High |
| Microsoft Excel Security Feature Bypass Vulnerability | ||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2022-26905 | 1 Microsoft | 1 Edge Chromium | 2024-05-29 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2022-22023 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-05-29 | 6.6 Medium |
| Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | ||||
| CVE-2022-37959 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-05-29 | 6.5 Medium |
| Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | ||||
| CVE-2021-46914 | 1 Linux | 1 Linux Kernel | 2024-05-29 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix unbalanced device enable/disable in suspend/resume pci_disable_device() called in __ixgbe_shutdown() decreases dev->enable_cnt by 1. pci_enable_device_mem() which increases dev->enable_cnt by 1, was removed from ixgbe_resume() in commit 6f82b2558735 ("ixgbe: use generic power management"). This caused unbalanced increase/decrease. So add pci_enable_device_mem() back. Fix the following call trace. ixgbe 0000:17:00.1: disabling already-disabled device Call Trace: __ixgbe_shutdown+0x10a/0x1e0 [ixgbe] ixgbe_suspend+0x32/0x70 [ixgbe] pci_pm_suspend+0x87/0x160 ? pci_pm_freeze+0xd0/0xd0 dpm_run_callback+0x42/0x170 __device_suspend+0x114/0x460 async_suspend+0x1f/0xa0 async_run_entry_fn+0x3c/0xf0 process_one_work+0x1dd/0x410 worker_thread+0x34/0x3f0 ? cancel_delayed_work+0x90/0x90 kthread+0x14c/0x170 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 | ||||
| CVE-2014-5122 | 1 Esri | 1 Arcgis Server | 2024-05-21 | N/A |
| Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. | ||||
| CVE-2024-2814 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-05-17 | 9.8 Critical |
| A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-22362 | 1 Drupal | 1 Drupal | 2024-05-17 | 7.5 High |
| Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-1011 | 1 Employee Management System Project | 1 Employee Management System | 2024-05-17 | 8.8 High |
| A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280. | ||||
| CVE-2023-7226 | 1 Meiyou | 1 Big Whale | 2024-05-17 | 6.5 Medium |
| A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232. | ||||
| CVE-2023-7193 | 1 Mtab | 1 Bookmark | 2024-05-17 | 8.1 High |
| A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7025 | 1 Kylinos | 1 Hedron-domain-hook | 2024-05-17 | 7.8 High |
| A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||