Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30256 | 1 Maradns | 1 Maradns | 2025-04-29 | 7.5 High |
| An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. | ||||
| CVE-2023-48220 | 2 Decidim, Scambra | 2 Decidim, Devise Invitable | 2025-04-24 | 5.7 Medium |
| Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable dependencies starting in version 0.0.1.alpha3 and prior to versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems. When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited. The only check done is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period. Decidim sets this configuration to `2.weeks` so this configuration should be respected. The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available. `devise_invitable` to version `2.0.9` and above fix this issue. Versions 0.26.9, 0.27.5, and 0.28.0 of the `decidim,` `decidim-admin`, and `decidim-system` gems contain this fix. As a workaround, invitations can be cancelled directly from the database. | ||||
| CVE-2022-45292 | 1 Funkwhale | 1 Funkwhale | 2025-04-23 | 5.3 Medium |
| User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | ||||
| CVE-2025-2517 | 2025-04-23 | N/A | ||
| Reference to Expired Domain Vulnerability in OpenTextâ„¢ ArcSight Enterprise Security Manager. | ||||
| CVE-2017-0544 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879. | ||||
| CVE-2017-14895 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information. | ||||
| CVE-2015-8894 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | ||||
| CVE-2021-37185 | 1 Siemens | 95 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 92 more | 2025-04-18 | 7.5 High |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. | ||||
| CVE-2021-37204 | 1 Siemens | 95 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 92 more | 2025-04-18 | 7.5 High |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations. | ||||
| CVE-2021-33020 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-16 | 8.2 High |
| Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | ||||
| CVE-2022-22755 | 1 Mozilla | 1 Firefox | 2025-04-16 | 8.8 High |
| By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97. | ||||
| CVE-2014-3505 | 2 Openssl, Redhat | 5 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. | ||||
| CVE-2015-5621 | 2 Net-snmp, Redhat | 2 Net-snmp, Enterprise Linux | 2025-04-12 | N/A |
| The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | ||||
| CVE-2014-1557 | 4 Debian, Mozilla, Oracle and 1 more | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2025-04-12 | N/A |
| The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | ||||
| CVE-2010-1188 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Els and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. | ||||
| CVE-2011-4348 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482. | ||||
| CVE-2010-1087 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | ||||
| CVE-2009-4141 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||||
| CVE-2011-2821 | 4 Apple, Debian, Google and 1 more | 9 Iphone Os, Mac Os X, Debian Linux and 6 more | 2025-04-11 | N/A |
| Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | ||||
| CVE-2011-2482 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-04-11 | 7.5 High |
| A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet. | ||||