Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31185 1 Rozcom 1 Rozcom Client 2025-01-10 7.5 High
ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request.
CVE-2020-9080 1 Huawei 6 Mate 20 Pro, Mate 20 Pro \(ud\), Mate 20 Pro \(ud\) Firmware and 3 more 2025-01-10 7.8 High
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.
CVE-2023-29550 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 8.8 High
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29548 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Focus and 6 more 2025-01-10 6.5 Medium
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
CVE-2023-29547 1 Mozilla 3 Firefox, Firefox Esr, Focus 2025-01-10 6.5 Medium
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-33182 1 Nextcloud 1 Contacts 2025-01-10 0 Low
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4
CVE-2023-33183 1 Nextcloud 1 Calendar 2025-01-10 2.6 Low
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3
CVE-2024-48912 1 Glpi-project 1 Glpi 2025-01-10 8.1 High
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
CVE-2022-24695 1 Bluetooth 1 Bluetooth Core Specification 2025-01-10 4.3 Medium
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.
CVE-2023-33191 1 Nirmata 1 Kyverno 2025-01-10 4.6 Medium
Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.
CVE-2023-33955 1 Minio 1 Console 2025-01-10 4.3 Medium
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
CVE-2022-4332 1 Sprecher-automation 12 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 9 more 2025-01-10 6.8 Medium
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
CVE-2024-54097 1 Huawei 2 Emui, Harmonyos 2025-01-10 7.3 High
Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.
CVE-2024-54098 1 Huawei 2 Emui, Harmonyos 2025-01-10 8.5 High
Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2023-25731 1 Mozilla 1 Firefox 2025-01-10 8.8 High
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.
CVE-2023-25730 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 5.4 Medium
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2023-25729 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 8.8 High
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2023-25728 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-01-10 6.5 Medium
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVE-2022-45853 1 Zyxel 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more 2025-01-10 6.7 Medium
The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.
CVE-2023-33105 1 Qualcomm 298 Ar8035, Ar8035 Firmware, Ar9380 and 295 more 2025-01-10 7.5 High
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.