Total
29717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43505 | 1 Intel | 1812 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1809 more | 2025-02-13 | 4.1 Medium |
| Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-41804 | 4 Debian, Fedoraproject, Intel and 1 more | 383 Debian Linux, Fedora, Xeon Bronze 3408u and 380 more | 2025-02-13 | 7.2 High |
| Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41715 | 2 Golang, Redhat | 24 Go, Acm, Ceph Storage and 21 more | 2025-02-13 | 7.5 High |
| Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | ||||
| CVE-2022-40964 | 4 Debian, Fedoraproject, Intel and 1 more | 20 Debian Linux, Fedora, Killer and 17 more | 2025-02-13 | 7.9 High |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-37343 | 1 Intel | 228 Atom C3308, Atom C3308 Firmware, Atom C3336 and 225 more | 2025-02-13 | 7.2 High |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-3697 | 1 Redhat | 2 Ansible, Ansible Collection | 2025-02-13 | 7.5 High |
| A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. | ||||
| CVE-2022-27635 | 4 Debian, Fedoraproject, Intel and 1 more | 20 Debian Linux, Fedora, Killer and 17 more | 2025-02-13 | 8.2 High |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-23541 | 2 Auth0, Redhat | 2 Jsonwebtoken, Openshift Data Foundation | 2025-02-13 | 5 Medium |
| jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0. | ||||
| CVE-2022-21216 | 2 Intel, Redhat | 134 Atom C5310, Atom C5310 Firmware, Atom C5315 and 131 more | 2025-02-13 | 7.5 High |
| Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. | ||||
| CVE-2022-0530 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2025-02-13 | 5.5 Medium |
| A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||||
| CVE-2021-27906 | 4 Apache, Fedoraproject, Oracle and 1 more | 21 Pdfbox, Fedora, Banking Corporate Lending Process Management and 18 more | 2025-02-13 | 5.5 Medium |
| A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | ||||
| CVE-2021-26559 | 1 Apache | 1 Airflow | 2025-02-13 | 6.5 Medium |
| Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. | ||||
| CVE-2021-26118 | 3 Apache, Netapp, Redhat | 3 Activemq Artemis, Oncommand Workflow Automation, Amq Broker | 2025-02-13 | 7.5 High |
| While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | ||||
| CVE-2019-3811 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Sssd and 2 more | 2025-02-13 | 5.2 Medium |
| A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. | ||||
| CVE-2019-14866 | 2 Gnu, Redhat | 4 Cpio, Enterprise Linux, Openshift Do and 1 more | 2025-02-13 | 7.3 High |
| In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | ||||
| CVE-2024-36788 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-02-13 | 5.9 Medium |
| Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. | ||||
| CVE-2025-20893 | 1 Samsung | 1 Android | 2025-02-12 | 5.1 Medium |
| Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications. | ||||
| CVE-2024-13545 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2025-02-12 | 9.8 Critical |
| The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution. | ||||
| CVE-2022-43635 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-02-12 | 6.5 Medium |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332. | ||||
| CVE-2023-30450 | 1 Redpanda | 1 Redpanda | 2025-02-12 | 4.3 Medium |
| rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | ||||