Total
12426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27131 | 1 Openatom | 1 Openharmony | 2025-06-09 | 6.1 Medium |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. | ||||
| CVE-2025-27242 | 1 Openatom | 1 Openharmony | 2025-06-09 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. | ||||
| CVE-2024-22119 | 1 Zabbix | 1 Zabbix | 2025-06-09 | 5.5 Medium |
| The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | ||||
| CVE-2021-3326 | 6 Debian, Fujitsu, Gnu and 3 more | 18 Debian Linux, M10-1, M10-1 Firmware and 15 more | 2025-06-09 | 7.5 High |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2020-29562 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Glibc, E-series Santricity Os Controller | 2025-06-09 | 4.8 Medium |
| The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | ||||
| CVE-2018-15686 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 7 more | 2025-06-09 | 7.8 High |
| A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. | ||||
| CVE-2018-1000168 | 4 Debian, Nghttp2, Nodejs and 1 more | 4 Debian Linux, Nghttp2, Node.js and 1 more | 2025-06-09 | 7.5 High |
| nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. | ||||
| CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2025-06-09 | 8.8 High |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | ||||
| CVE-2017-12652 | 3 Libpng, Netapp, Redhat | 3 Libpng, Active Iq Unified Manager, Enterprise Linux | 2025-06-09 | 9.8 Critical |
| libpng before 1.6.32 does not properly check the length of chunks against the user limit. | ||||
| CVE-2016-2781 | 1 Gnu | 1 Coreutils | 2025-06-09 | 4.6 Medium |
| chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | ||||
| CVE-2022-42012 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2025-06-09 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | ||||
| CVE-2022-1271 | 4 Debian, Gnu, Redhat and 1 more | 8 Debian Linux, Gzip, Enterprise Linux and 5 more | 2025-06-09 | 8.8 High |
| An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | ||||
| CVE-2021-22924 | 8 Debian, Fedoraproject, Haxx and 5 more | 55 Debian Linux, Fedora, Libcurl and 52 more | 2025-06-09 | 3.7 Low |
| libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. | ||||
| CVE-2024-9407 | 1 Redhat | 3 Enterprise Linux, Openshift, Rhel Eus | 2025-06-09 | 4.7 Medium |
| A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | ||||
| CVE-2025-5680 | 2025-06-06 | 6.3 Medium | ||
| A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5679 | 2025-06-05 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22027 | 1 Ays-pro | 1 Quiz Maker | 2025-06-05 | 6.5 Medium |
| Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | ||||
| CVE-2022-20392 | 1 Google | 1 Android | 2025-06-05 | 7.8 High |
| In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615 | ||||
| CVE-2023-35136 | 1 Zyxel | 20 Atp100, Atp100w, Atp200 and 17 more | 2025-06-05 | 5.5 Medium |
| An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device. | ||||
| CVE-2024-30087 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-06-05 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||