ReportizFlow
Filtered by vendor
Subscriptions
Total
13197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45422 | 1 Zoom | 8 Meeting Sdk, Meeting Software Development Kit, Rooms and 5 more | 2025-08-19 | 6.5 Medium |
| Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. | ||||
| CVE-2023-43037 | 1 Ibm | 1 Maximo Application Suite | 2025-08-17 | 6.5 Medium |
| IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | ||||
| CVE-2024-20495 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software | 2025-08-15 | 8.6 High |
| A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | 6.5 Medium |
| Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | ||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | 7.5 High |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | ||||
| CVE-2021-27923 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2021-27922 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2021-27921 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2025-08-15 | 7.5 High |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||||
| CVE-2025-44779 | 1 Ollama | 1 Ollama | 2025-08-14 | 6.6 Medium |
| An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. | ||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | 4 Medium |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | ||||
| CVE-2025-54785 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-08-13 | 8.8 High |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1. | ||||
| CVE-2025-52894 | 1 Openbao | 1 Openbao | 2025-08-12 | 7.5 High |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. In OpenBao v2.2.0 and later, manually setting the configuration option `disable_unauthed_rekey_endpoints=true` allows an operator to deny these rarely-used endpoints on global listeners. A patch is available at commit fe75468822a22a88318c6079425357a02ae5b77b. In a future OpenBao release communicated on OpenBao's website, the maintainers will set this to `true` for all users and provide an authenticated alternative. As a workaround, if an active proxy or load balancer sits in front of OpenBao, an operator can deny requests to these endpoints from unauthorized IP ranges. | ||||
| CVE-2025-25212 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-08-12 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. | ||||
| CVE-2025-54614 | 1 Huawei | 1 Harmonyos | 2025-08-12 | 6.2 Medium |
| Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-13943 | 1 Tesla | 2 Model S, Model S Firmware | 2025-08-12 | N/A |
| Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the QCMAP_ConnectionManager component. An attacker can abuse the service to assign LAN addresses to the WWAN. An attacker can leverage this vulnerability to access network services that were only intended to be exposed to the internal LAN. Was ZDI-CAN-23199. | ||||
| CVE-2025-54642 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | 6.7 Medium |
| Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54641 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | 6.7 Medium |
| Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54636 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | 4.4 Medium |
| Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-21631 | 1 Qualcomm | 320 205, 205 Firmware, 215 and 317 more | 2025-08-11 | 7.5 High |
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | ||||
| CVE-2023-21671 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2025-08-11 | 9.3 Critical |
| Memory Corruption in Core during syscall for Sectools Fuse comparison feature. | ||||