Total
29560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2337 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. | |||||
| CVE-2015-8158 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. | |||||
| CVE-2016-9334 | 1 Rockwellautomation | 20 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.3 HIGH |
| An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | |||||
| CVE-2015-7825 | 1 Botan Project | 1 Botan | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | |||||
| CVE-2016-8779 | 1 Huawei | 1 Fusionaccess | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. | |||||
| CVE-2015-8896 | 3 Imagemagick, Oracle, Redhat | 8 Imagemagick, Linux, Enterprise Linux Desktop and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | |||||
| CVE-2017-7273 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.6 MEDIUM | 6.6 MEDIUM |
| The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. | |||||
| CVE-2016-9396 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. | |||||
| CVE-2016-9391 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. | |||||
| CVE-2017-2415 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." | |||||
| CVE-2016-9392 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
| CVE-2022-20550 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514 | |||||
| CVE-2022-20515 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
| In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496 | |||||
| CVE-2022-31708 | 1 Vmware | 1 Vrealize Operations | 2025-04-18 | N/A | 4.9 MEDIUM |
| vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | |||||
| CVE-2025-24367 | 1 Cacti | 1 Cacti | 2025-04-18 | N/A | 8.8 HIGH |
| Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29. | |||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
| CVE-2022-1740 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 2.1 LOW | 4.6 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device. | |||||
| CVE-2021-38417 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | N/A | 7.4 HIGH |
| VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. | |||||
| CVE-2021-27497 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-17 | 7.5 HIGH | 6.5 MEDIUM |
| Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | |||||
| CVE-2021-27493 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-17 | 6.4 MEDIUM | 6.1 MEDIUM |
| Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. | |||||