Export limit exceeded: 10276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20566 | 1 Google | 1 Android | 2025-04-21 | 7.8 High |
| In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel | ||||
| CVE-2022-20562 | 1 Google | 1 Android | 2025-04-21 | 3.3 Low |
| In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A | ||||
| CVE-2022-20199 | 1 Google | 1 Android | 2025-04-21 | 5.5 Medium |
| In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025 | ||||
| CVE-2021-22569 | 3 Google, Oracle, Redhat | 14 Google-protobuf, Protobuf-java, Protobuf-kotlin and 11 more | 2025-04-21 | 7.5 High |
| An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | ||||
| CVE-2021-22572 | 1 Google | 1 Data Transfer Project | 2025-04-21 | 5.5 Medium |
| On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 | ||||
| CVE-2022-40150 | 3 Debian, Jettison Project, Redhat | 11 Debian Linux, Jettison, Amq Streams and 8 more | 2025-04-21 | 6.5 Medium |
| Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. | ||||
| CVE-2022-46144 | 1 Siemens | 12 6gk5622-2gs00-2ac2, 6gk5622-2gs00-2ac2 Firmware, 6gk5626-2gs00-2ac2 and 9 more | 2025-04-21 | 6.5 Medium |
| A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive. | ||||
| CVE-2017-7508 | 1 Openvpn | 1 Openvpn | 2025-04-20 | N/A |
| OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. | ||||
| CVE-2017-6872 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | ||||
| CVE-2017-7615 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 8.8 High |
| MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | ||||
| CVE-2016-10003 | 1 Squid-cache | 1 Squid | 2025-04-20 | 7.5 High |
| Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. | ||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | N/A |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | ||||
| CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | ||||
| CVE-2017-15211 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | ||||
| CVE-2017-7909 | 1 Advantech B\+b Smartworx | 2 Mesr901, Mesr901 Firmware | 2025-04-20 | N/A |
| A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | ||||
| CVE-2017-8161 | 1 Huawei | 1 Eva-l09 | 2025-04-20 | N/A |
| EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | ||||
| CVE-2017-5992 | 1 Python | 1 Openpyxl | 2025-04-20 | N/A |
| Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | ||||
| CVE-2017-16761 | 1 Inedo | 1 Buildmaster | 2025-04-20 | N/A |
| An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | ||||
| CVE-2017-1000061 | 2 Redhat, Xmlsec Project | 2 Enterprise Linux, Xmlsec | 2025-04-20 | N/A |
| xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | ||||
| CVE-2017-7506 | 2 Redhat, Spice Project | 2 Enterprise Linux, Spice | 2025-04-20 | N/A |
| spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | ||||