Total
609 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8171 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed. | |||||
| CVE-2017-0215 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 4.6 MEDIUM | 5.3 MEDIUM |
| Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | |||||
| CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
| Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | |||||
| CVE-2017-6100 | 1 Tcpdf Project | 1 Tcpdf | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | |||||
| CVE-2017-8185 | 1 Huawei | 2 Me906s-158, Me906s-158 Firmware | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. | |||||
| CVE-2017-8161 | 1 Huawei | 1 Eva-l09 | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2017-5648 | 1 Apache | 1 Tomcat | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. | |||||
| CVE-2025-3651 | 2025-04-17 | N/A | N/A | ||
| Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33. | |||||
| CVE-2023-38994 | 1 Univention | 1 Univention Corporate Server | 2025-04-15 | N/A | 7.9 HIGH |
| The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users. | |||||
| CVE-2025-32428 | 2025-04-15 | N/A | N/A | ||
| Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1. | |||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2025-04-12 | 4.6 MEDIUM | 6.3 MEDIUM |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | |||||
| CVE-2016-5334 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||||
| CVE-2015-10004 | 1 Json Web Token Project | 1 Json Web Token | 2025-04-11 | N/A | 7.5 HIGH |
| Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. | |||||
| CVE-2022-48198 | 2 Ntpd Driver Project, Openrobotics | 2 Ntpd Driver, Robot Operating System | 2025-04-11 | N/A | 9.8 CRITICAL |
| The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled time_ref_topic parameter. | |||||
| CVE-2012-1846 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | |||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | |||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | |||||
| CVE-2022-45935 | 1 Apache | 1 James | 2025-04-10 | N/A | 5.5 MEDIUM |
| Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. | |||||
| CVE-2021-26343 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | N/A | 5.5 MEDIUM |
| Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | |||||