ReportizFlow
Filtered by vendor
Subscriptions
Total
13126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25090 | 1 Apache | 1 Roller | 2025-03-14 | 5.4 Medium |
| Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue. | ||||
| CVE-2024-45537 | 1 Apache | 1 Druid | 2025-03-14 | 6.5 Medium |
| Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | ||||
| CVE-2024-25973 | 1 Frentix | 1 Openolat | 2025-03-14 | 5.4 Medium |
| The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser. | ||||
| CVE-2024-9042 | 1 Redhat | 1 Windows Machine Config | 2025-03-13 | 5.9 Medium |
| This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. | ||||
| CVE-2024-27896 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | ||||
| CVE-2023-52385 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 6.2 Medium |
| Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52552 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-27378 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-13 | 6 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | ||||
| CVE-2023-52372 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-52368 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 5.3 Medium |
| Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-30188 | 1 Apache | 1 Dolphinscheduler | 2025-03-13 | 8.8 High |
| File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue. | ||||
| CVE-2022-46303 | 1 Checkmk | 1 Checkmk | 2025-03-12 | 8 High |
| Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. | ||||
| CVE-2023-20026 | 1 Cisco | 8 Rv016, Rv016 Firmware, Rv042 and 5 more | 2025-03-12 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. | ||||
| CVE-2024-29074 | 1 Openatom | 1 Openharmony | 2025-03-12 | 6.5 Medium |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. | ||||
| CVE-2021-35370 | 1 Txjia | 1 Imcat | 2025-03-12 | 9.8 Critical |
| An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. | ||||
| CVE-2023-25692 | 1 Apache | 1 Apache-airflow-providers-google | 2025-03-12 | 7.5 High |
| Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | ||||
| CVE-2023-25691 | 1 Apache | 1 Apache-airflow-providers-google | 2025-03-12 | 9.8 Critical |
| Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | ||||
| CVE-2023-42661 | 1 Jfrog | 1 Artifactory | 2025-03-11 | 7.2 High |
| JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts. | ||||
| CVE-2023-22491 | 1 Gatsbyjs | 1 Gatsby | 2025-03-11 | 8.1 High |
| Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `[email protected]` and `[email protected]` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner. | ||||
| CVE-2023-22581 | 1 Home.cern | 2 White Rabbit Switch, White Rabbit Switch Firmware | 2025-03-11 | 9.8 Critical |
| White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user). | ||||