Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2143 | 4 Debian, Linux, Oracle and 1 more | 4 Debian Linux, Linux Kernel, Linux and 1 more | 2024-03-14 | 6.9 MEDIUM | 7.8 HIGH |
| The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. | |||||
| CVE-2023-32633 | 2024-03-14 | N/A | 6.7 MEDIUM | ||
| Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-1221 | 2024-03-14 | N/A | 3.1 LOW | ||
| This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers. | |||||
| CVE-2024-0161 | 2024-03-13 | N/A | 7.2 HIGH | ||
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
| CVE-2024-20318 | 2024-03-13 | N/A | 7.4 HIGH | ||
| A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition. | |||||
| CVE-2024-20327 | 2024-03-13 | N/A | 7.4 HIGH | ||
| A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router. | |||||
| CVE-2021-41583 | 3 Debian, Eduvpn, Fedoraproject | 3 Debian Linux, Vpn-user-portal, Fedora | 2024-03-12 | 9.0 HIGH | 6.5 MEDIUM |
| vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. | |||||
| CVE-2021-43803 | 2 Nodejs, Vercel | 2 Node.js, Next.js | 2024-03-12 | 4.3 MEDIUM | 7.5 HIGH |
| Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue. | |||||
| CVE-2024-25998 | 2024-03-12 | N/A | 7.3 HIGH | ||
| An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | |||||
| CVE-2024-25994 | 2024-03-12 | N/A | 5.3 MEDIUM | ||
| An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. | |||||
| CVE-2024-25999 | 2024-03-12 | N/A | 8.4 HIGH | ||
| An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. | |||||
| CVE-2024-26001 | 2024-03-12 | N/A | 7.4 HIGH | ||
| An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | |||||
| CVE-2024-26002 | 2024-03-12 | N/A | 7.8 HIGH | ||
| An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. | |||||
| CVE-2024-26000 | 2024-03-12 | N/A | 5.9 MEDIUM | ||
| An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | |||||
| CVE-2024-25997 | 2024-03-12 | N/A | 5.3 MEDIUM | ||
| An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. | |||||
| CVE-2024-2339 | 2024-03-08 | N/A | 8.0 HIGH | ||
| PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3. | |||||
| CVE-2023-42661 | 2024-03-08 | N/A | 7.2 HIGH | ||
| JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts. | |||||
| CVE-2019-15606 | 5 Debian, Nodejs, Opensuse and 2 more | 7 Debian Linux, Node.js, Leap and 4 more | 2024-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | |||||
| CVE-2023-5044 | 1 Kubernetes | 1 Ingress-nginx | 2024-03-07 | N/A | 8.8 HIGH |
| Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | |||||
| CVE-2023-5043 | 1 Kubernetes | 1 Ingress-nginx | 2024-03-07 | N/A | 8.8 HIGH |
| Ingress nginx annotation injection causes arbitrary command execution. | |||||