Search Results (728 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3376 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-02-26 | 7.3 High |
| A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability. | ||||
| CVE-2023-1436 | 2 Jettison Project, Redhat | 9 Jettison, Camel Quarkus, Camel Spring Boot and 6 more | 2025-02-26 | 5.9 Medium |
| An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. | ||||
| CVE-2020-36691 | 1 Linux | 1 Linux Kernel | 2025-02-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | ||||
| CVE-2023-20558 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2025-02-20 | 8.8 High |
| Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | ||||
| CVE-2023-24472 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 7.5 High |
| A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | ||||
| CVE-2023-32675 | 1 Vyperlang | 1 Vyper | 2025-02-12 | 3.7 Low |
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | ||||
| CVE-2023-30629 | 1 Vyperlang | 1 Vyper | 2025-02-12 | 7.5 High |
| Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`. | ||||
| CVE-2022-27499 | 1 Intel | 1 Sgx Sdk | 2025-02-05 | 2.5 Low |
| Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-29609 | 1 Opennetworking | 1 Onos | 2025-02-05 | 5.3 Medium |
| An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator. | ||||
| CVE-2022-29605 | 1 Opennetworking | 1 Onos | 2025-02-05 | 7.5 High |
| An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator. | ||||
| CVE-2022-29607 | 1 Opennetworking | 1 Onos | 2025-02-05 | 7.5 High |
| An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator. | ||||
| CVE-2021-43819 | 1 Stargate-bukkit Project | 1 Stargate-bukkit | 2025-02-05 | 7.5 High |
| Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-31893 | 1 Telefonica | 2 Brasil Vivo Play, Brasil Vivo Play Firmware | 2025-01-31 | 7.5 High |
| Telefónica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | ||||
| CVE-2024-3247 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. | ||||
| CVE-2024-3248 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. | ||||
| CVE-2024-4568 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | 2.9 Low |
| In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-2663 | 1 Xpdfreader | 1 Xpdf | 2025-01-24 | 2.9 Low |
| In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-2664 | 1 Xpdfreader | 1 Xpdf | 2025-01-23 | 2.9 Low |
| In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | ||||
| CVE-2023-47163 | 1 Remarshal Project | 1 Remarshal | 2025-01-08 | 7.5 High |
| Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-31895 | 1 Ibm | 1 App Connect Enterprise | 2025-01-08 | 4.3 Medium |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. | ||||