Total
12040 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27961 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-01-29 | 5.5 Medium |
| Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. | ||||
| CVE-2025-24882 | 2025-01-29 | 5.2 Medium | ||
| regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1. | ||||
| CVE-2021-30713 | 1 Apple | 2 Mac Os X, Macos | 2025-01-29 | 7.8 High |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30665 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-01-29 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30661 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-01-29 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-21985 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-01-29 | 9.8 Critical |
| The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. | ||||
| CVE-2021-1871 | 4 Apple, Debian, Fedoraproject and 1 more | 7 Ipad Os, Iphone Os, Mac Os X and 4 more | 2025-01-29 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1870 | 4 Apple, Fedoraproject, Redhat and 1 more | 7 Ipad Os, Iphone Os, Mac Os X and 4 more | 2025-01-29 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2023-26125 | 2 Gin-gonic, Redhat | 5 Gin, Migration Toolkit Applications, Migration Toolkit Virtualization and 2 more | 2025-01-29 | 5.6 Medium |
| Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. | ||||
| CVE-2022-32893 | 6 Apple, Debian, Fedoraproject and 3 more | 9 Ipados, Iphone Os, Macos and 6 more | 2025-01-29 | 8.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2022-32885 | 2 Apple, Redhat | 9 Ipados, Iphone Os, Macos and 6 more | 2025-01-29 | 8.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution | ||||
| CVE-2022-29499 | 1 Mitel | 1 Mivoice Connect | 2025-01-29 | 9.8 Critical |
| The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. | ||||
| CVE-2022-43919 | 1 Ibm | 1 Mq Appliance | 2025-01-29 | 5.3 Medium |
| IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | ||||
| CVE-2024-37965 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-29 | 8.8 High |
| Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
| CVE-2023-31047 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Rhui and 2 more | 2025-01-29 | 9.8 Critical |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | ||||
| CVE-2023-22952 | 1 Sugarcrm | 1 Sugarcrm | 2025-01-29 | 8.8 High |
| In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | ||||
| CVE-2023-30434 | 1 Ibm | 2 Elastic Storage System, Spectrum Scale | 2025-01-29 | 6.2 Medium |
| IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | ||||
| CVE-2016-3714 | 6 Canonical, Debian, Imagemagick and 3 more | 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more | 2025-01-28 | 8.4 High |
| The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
| CVE-2024-22065 | 1 Zte | 3 Mf258 Pro Firmware, Mf258k Pro, Mf258k Pro Firmware | 2025-01-28 | 6.8 Medium |
| There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2022-23818 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2025-01-28 | 7.5 High |
| Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | ||||