Total
277570 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13164 | 2025-01-15 | 7.8 High | ||
| An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-23051 | 2025-01-15 | 7.2 High | ||
| An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. | ||||
| CVE-2024-12085 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-01-15 | 7.5 High |
| A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. | ||||
| CVE-2024-12088 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-01-15 | 6.5 Medium |
| A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | ||||
| CVE-2025-21305 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-23052 | 2025-01-15 | 7.2 High | ||
| Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-23366 | 1 Redhat | 3 Jboss Data Grid, Jboss Enterprise Application Platform, Jbosseapxp | 2025-01-15 | 6.5 Medium |
| A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. | ||||
| CVE-2025-21234 | 2025-01-15 | 7.8 High | ||
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | ||||
| CVE-2025-21235 | 2025-01-15 | 7.8 High | ||
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | ||||
| CVE-2025-21236 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21237 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21268 | 2025-01-15 | 4.3 Medium | ||
| MapUrlToZone Security Feature Bypass Vulnerability | ||||
| CVE-2025-21269 | 2025-01-15 | 4.3 Medium | ||
| Windows HTML Platforms Security Feature Bypass Vulnerability | ||||
| CVE-2025-21314 | 2025-01-15 | 6.5 Medium | ||
| Windows SmartScreen Spoofing Vulnerability | ||||
| CVE-2025-21315 | 2025-01-15 | 7.8 High | ||
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2025-21316 | 2025-01-15 | 5.5 Medium | ||
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21318 | 2025-01-15 | 5.5 Medium | ||
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21319 | 2025-01-15 | 5.5 Medium | ||
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21320 | 2025-01-15 | 5.5 Medium | ||
| Windows Kernel Memory Information Disclosure Vulnerability | ||||
| CVE-2025-21321 | 2025-01-15 | 5.5 Medium | ||
| Windows Kernel Memory Information Disclosure Vulnerability | ||||