Total
2183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33443 | 1 Besder | 2 Bes--6024pb-i50h1, Videoplaytool | 2025-01-06 | N/A | 9.8 CRITICAL |
| Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints. | |||||
| CVE-2023-35034 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | N/A | 9.8 CRITICAL |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033. | |||||
| CVE-2023-25367 | 1 Siglent | 6 Sds1074x-e, Sds1074x-e Firmware, Sds1104x-e and 3 more | 2025-01-03 | N/A | 9.8 CRITICAL |
| Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server. | |||||
| CVE-2022-37968 | 1 Microsoft | 2 Azure Arc-enabled Kubernetes, Azure Stack Edge | 2025-01-02 | N/A | 10.0 CRITICAL |
| Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. | |||||
| CVE-2022-30136 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2025-01-02 | 10.0 HIGH | 9.8 CRITICAL |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2022-29130 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2025-01-02 | 9.3 HIGH | 9.8 CRITICAL |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||
| CVE-2022-26937 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2025-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2022-22012 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2025-01-02 | 9.3 HIGH | 9.8 CRITICAL |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-35618 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 9.6 CRITICAL |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36735 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 9.6 CRITICAL |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2024-38183 | 1 Microsoft | 1 Groupme | 2024-12-31 | N/A | 9.8 CRITICAL |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2023-1329 | 1 Hp | 1914 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy14a Firmware, Laserjet Managed Mfp E62665 3gy15a and 1911 more | 2024-12-31 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products. | |||||
| CVE-2018-20060 | 2 Fedoraproject, Python | 2 Fedora, Urllib3 | 2024-12-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | |||||
| CVE-2023-4860 | 1 Google | 1 Chrome | 2024-12-26 | N/A | 9.6 CRITICAL |
| Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-7012 | 1 Google | 1 Chrome | 2024-12-26 | N/A | 9.6 CRITICAL |
| Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2023-49103 | 1 Owncloud | 1 Graph Api | 2024-12-20 | N/A | 10.0 CRITICAL |
| An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. | |||||
| CVE-2024-25641 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-12-18 | N/A | 9.1 CRITICAL |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. | |||||
| CVE-2021-0945 | 1 Google | 1 Android | 2024-12-18 | N/A | 9.8 CRITICAL |
| In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2021-0701 | 1 Google | 1 Android | 2024-12-18 | N/A | 9.8 CRITICAL |
| In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-44241 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-18 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | |||||