Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29753 | 1 Ekatox | 1 Facemoji\ | 2025-01-06 | N/A | 5.5 MEDIUM |
| An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files. | |||||
| CVE-2023-27360 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 8.8 HIGH |
| NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398. | |||||
| CVE-2024-55917 | 2024-12-31 | N/A | 7.8 HIGH | ||
| An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-21505 | 2024-12-27 | N/A | 6.7 MEDIUM | ||
| In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-44212 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2024-12-20 | N/A | 5.3 MEDIUM |
| A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin. | |||||
| CVE-2022-32144 | 2024-12-20 | N/A | 8.6 HIGH | ||
| There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | |||||
| CVE-2024-54490 | 1 Apple | 1 Macos | 2024-12-19 | N/A | 5.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items. | |||||
| CVE-2023-30996 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-12-17 | N/A | 5.3 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290. | |||||
| CVE-2024-2447 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 6.5 MEDIUM |
| Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action. | |||||
| CVE-2023-29711 | 1 Interlink | 2 Psg-5124, Psg-5124 Firmware | 2024-12-12 | N/A | 9.8 CRITICAL |
| An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. | |||||
| CVE-2023-25366 | 1 Siglent | 2 Sds 1104x-e, Sds 1104x-e Firmware | 2024-12-12 | N/A | 9.8 CRITICAL |
| In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. | |||||
| CVE-2023-25188 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-12 | N/A | 5.1 MEDIUM |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | |||||
| CVE-2024-0009 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-09 | N/A | 6.3 MEDIUM |
| An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. | |||||
| CVE-2022-46718 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information | |||||
| CVE-2022-42860 | 1 Apple | 1 Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system | |||||
| CVE-2023-28191 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-45495 | 2024-12-04 | N/A | 4.3 MEDIUM | ||
| MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. | |||||
| CVE-2023-32553 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-12-04 | N/A | 5.3 MEDIUM |
| An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | |||||
| CVE-2023-32223 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2024-11-27 | N/A | 8.8 HIGH |
| D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | |||||
| CVE-2021-47157 | 2024-11-25 | N/A | 9.8 CRITICAL | ||
| The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. | |||||