Export limit exceeded: 356131 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5263 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42861 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 8.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox. | ||||
| CVE-2022-32945 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 5.4 Medium |
| An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | ||||
| CVE-2022-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 5.5 Medium |
| This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42859 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-21 | 5.5 Medium |
| Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42853 | 1 Apple | 1 Macos | 2025-04-21 | 5.5 Medium |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. | ||||
| CVE-2021-22567 | 1 Dart | 1 Dart Software Development Kit | 2025-04-21 | 4.6 Medium |
| Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. | ||||
| CVE-2022-45937 | 1 Siemens | 18 Pxc00-e96.a, Pxc00-e96.a Firmware, Pxc100-e96.a and 15 more | 2025-04-21 | 8.8 High |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. | ||||
| CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2025-04-21 | 8.1 High |
| A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | ||||
| CVE-2016-7468 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2025-04-20 | N/A |
| An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. | ||||
| CVE-2015-1854 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, 389 Directory Server, Fedora and 1 more | 2025-04-20 | N/A |
| 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | ||||
| CVE-2016-7032 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-20 | N/A |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | ||||
| CVE-2014-3624 | 1 Apache | 1 Traffic Server | 2025-04-20 | N/A |
| Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | ||||
| CVE-2014-9148 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur. | ||||
| CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 8.8 High |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | ||||
| CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 8.8 High |
| coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | ||||
| CVE-2014-9830 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 8.8 High |
| coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | ||||
| CVE-2014-9831 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 8.8 High |
| coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | ||||
| CVE-2014-9920 | 1 Mcafee | 1 Application Control | 2025-04-20 | N/A |
| Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. | ||||
| CVE-2014-9961 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | ||||
| CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2025-04-20 | N/A |
| IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | ||||