Total
13191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26125 | 2 Gin-gonic, Redhat | 5 Gin, Migration Toolkit Applications, Migration Toolkit Virtualization and 2 more | 2025-01-29 | 5.6 Medium |
| Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. | ||||
| CVE-2022-32885 | 2 Apple, Redhat | 10 Ipados, Iphone Os, Macos and 7 more | 2025-01-29 | 8.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution | ||||
| CVE-2022-43919 | 1 Ibm | 1 Mq Appliance | 2025-01-29 | 5.3 Medium |
| IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | ||||
| CVE-2024-37965 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-01-29 | 8.8 High |
| Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
| CVE-2023-31047 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Rhui and 2 more | 2025-01-29 | 9.8 Critical |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | ||||
| CVE-2023-30434 | 1 Ibm | 2 Elastic Storage System, Spectrum Scale | 2025-01-29 | 6.2 Medium |
| IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | ||||
| CVE-2024-22065 | 1 Zte | 3 Mf258 Pro Firmware, Mf258k Pro, Mf258k Pro Firmware | 2025-01-28 | 6.8 Medium |
| There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2022-23818 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2025-01-28 | 7.5 High |
| Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | ||||
| CVE-2021-46775 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | 6.8 Medium |
| Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | ||||
| CVE-2021-46773 | 1 Amd | 126 Ryzen 1200 \(af\), Ryzen 1200 \(af\) Firmware, Ryzen 1600 \(af\) and 123 more | 2025-01-28 | 8.8 High |
| Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | ||||
| CVE-2021-46769 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | 8.8 High |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | ||||
| CVE-2021-46756 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2025-01-28 | 9.1 Critical |
| Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | ||||
| CVE-2021-46762 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | 3.9 Low |
| Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | ||||
| CVE-2023-25650 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.5 Medium |
| There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. | ||||
| CVE-2023-41782 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 3.9 Low |
| There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | ||||
| CVE-2023-1732 | 1 Cloudflare | 1 Circl | 2025-01-27 | 5.3 Medium |
| When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. | ||||
| CVE-2022-26837 | 1 Intel | 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more | 2025-01-27 | 7.5 High |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-30258 | 1 Eprosima | 1 Fast Dds | 2025-01-27 | 8.2 High |
| FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. | ||||
| CVE-2023-31148 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-27 | 9.1 Critical |
| An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2022-33964 | 1 Intel | 1 System Usage Report | 2025-01-27 | 7.4 High |
| Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||