Total
285319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6602 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Enterprise Linux and 4 more | 2025-03-14 | 9.8 Critical |
| A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
| CVE-2024-5836 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-14 | 8.8 High |
| Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2024-46943 | 1 Opendaylight | 2 Aaa, Authentication\, Authorization And Accounting | 2025-03-14 | 9.1 Critical |
| An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. | ||||
| CVE-2024-46942 | 1 Opendaylight | 2 Md-sal, Model-driven Service Abstraction Layer | 2025-03-14 | 9.1 Critical |
| In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | ||||
| CVE-2024-45490 | 2 Libexpat Project, Redhat | 4 Libexpat, Enterprise Linux, Openshift and 1 more | 2025-03-14 | 9.8 Critical |
| An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | ||||
| CVE-2024-41989 | 2 Djangoproject, Redhat | 4 Django, Ansible Automation Platform, Discovery and 1 more | 2025-03-14 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | ||||
| CVE-2024-40794 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-14 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication. | ||||
| CVE-2024-38909 | 1 Studio42 | 1 Elfinder | 2025-03-14 | 9.8 Critical |
| Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. | ||||
| CVE-2024-38873 | 1 Typo3 | 1 Friendlycaptcha Official | 2025-03-14 | 5.3 Medium |
| An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension. | ||||
| CVE-2024-31331 | 1 Google | 1 Android | 2025-03-14 | 7.8 High |
| In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-27872 | 1 Apple | 1 Macos | 2025-03-14 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data. | ||||
| CVE-2024-27798 | 1 Apple | 1 Macos | 2025-03-14 | 7.8 High |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges. | ||||
| CVE-2024-25743 | 2 Linux, Redhat | 3 Kernel, Enterprise Linux, Rhel Eus | 2025-03-14 | 7.1 High |
| In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. | ||||
| CVE-2024-25739 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-03-14 | 5.5 Medium |
| create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | ||||
| CVE-2024-25414 | 1 Cszcms | 2 Csz Cms, Cszcms | 2025-03-14 | 9.8 Critical |
| An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | ||||
| CVE-2024-25226 | 1 Code-projects | 1 Simple Admin Panel | 2025-03-14 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||
| CVE-2024-22280 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2025-03-14 | 8.5 High |
| VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | ||||
| CVE-2024-22020 | 2 Nodejs, Redhat | 2 Nodejs, Enterprise Linux | 2025-03-14 | 6.5 Medium |
| A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers. | ||||
| CVE-2024-21159 | 1 Oracle | 1 Mysql | 2025-03-14 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-21137 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-03-14 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||