Total
131 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9644 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | N/A |
| The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. | ||||
| CVE-2014-1594 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2025-04-12 | N/A |
| Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. | ||||
| CVE-2013-7421 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | N/A |
| The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. | ||||
| CVE-2014-0140 | 1 Redhat | 7 Cloudforms 3.0.1 Management Engine, Cloudforms 3.0.2 Management Engine, Cloudforms 3.0.3 Management Engine and 4 more | 2025-04-12 | N/A |
| Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. | ||||
| CVE-2015-5306 | 2 Openstack, Redhat | 3 Ironic Inspector, Openstack, Openstack-director | 2025-04-12 | N/A |
| OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. | ||||
| CVE-2023-40500 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19944. | ||||
| CVE-2023-40501 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19945. | ||||
| CVE-2024-43065 | 2025-04-07 | 7.1 High | ||
| Cryptographic issues while generating an asymmetric key pair for RKP use cases. | ||||
| CVE-2023-38124 | 1 Inductiveautomation | 1 Ignition | 2025-03-13 | 8.8 High |
| Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541. | ||||
| CVE-2023-26478 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 6.6 Medium |
| XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right. `com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue. | ||||
| CVE-2021-33639 | 1 Openatom | 1 Openeuler Kernel | 2025-03-04 | 7.5 High |
| REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. | ||||
| CVE-2022-37365 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527. | ||||
| CVE-2024-12651 | 2025-02-14 | 8.5 High | ||
| Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0. | ||||
| CVE-2023-33921 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2025-02-13 | 6.8 Medium |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device. | ||||
| CVE-2025-24359 | 2025-02-12 | 8.4 High | ||
| ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue. | ||||
| CVE-2024-35209 | 1 Siemens | 2 Sinec Traffic Analyzer, Traffic Analyzer | 2025-02-11 | 6.2 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files. | ||||
| CVE-2023-38097 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-06 | 8.8 High |
| NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the BkreProcessThread class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19719. | ||||
| CVE-2023-38101 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-06 | 8.8 High |
| NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19725. | ||||
| CVE-2023-34227 | 1 Jetbrains | 1 Teamcity | 2025-01-09 | 5.3 Medium |
| In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks | ||||
| CVE-2023-39470 | 1 Papercut | 1 Papercut Ng | 2025-01-09 | 7.2 High |
| PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965. | ||||