Export limit exceeded: 341868 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341868 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3637 | 1 Redhat | 3 Openstack, Openstack-optools, Openstack Platform | 2025-11-20 | 4.3 Medium |
| An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | ||||
| CVE-2025-63749 | 1 Pnetlab | 1 Pnetlab | 2025-11-20 | 6.5 Medium |
| pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options parameter. | ||||
| CVE-2023-3108 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-11-20 | 6.2 Medium |
| A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system. | ||||
| CVE-2023-3106 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-11-20 | 6.6 Medium |
| A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. | ||||
| CVE-2023-5189 | 1 Redhat | 7 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 4 more | 2025-11-20 | 6.3 Medium |
| A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. | ||||
| CVE-2023-5115 | 2 Debian, Redhat | 7 Debian Linux, Ansible Automation Platform, Ansible Automation Platform Developer and 4 more | 2025-11-20 | 6.3 Medium |
| An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. | ||||
| CVE-2023-34968 | 4 Debian, Fedoraproject, Redhat and 1 more | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2025-11-20 | 5.3 Medium |
| A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. | ||||
| CVE-2023-34967 | 4 Debian, Fedoraproject, Redhat and 1 more | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2025-11-20 | 5.3 Medium |
| A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. | ||||
| CVE-2023-34966 | 4 Debian, Fedoraproject, Redhat and 1 more | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2025-11-20 | 7.5 High |
| An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. | ||||
| CVE-2025-63955 | 1 Phpgurukul | 1 Student Record System | 2025-11-20 | 7.5 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS). | ||||
| CVE-2023-32255 | 1 Redhat | 1 Enterprise Linux | 2025-11-20 | 5.3 Medium |
| A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion. | ||||
| CVE-2023-32253 | 1 Redhat | 1 Enterprise Linux | 2025-11-20 | 5.9 Medium |
| A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service. | ||||
| CVE-2023-3428 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-11-20 | 6.2 Medium |
| A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | ||||
| CVE-2023-3397 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-11-20 | 7 High |
| A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. | ||||
| CVE-2023-3347 | 3 Fedoraproject, Redhat, Samba | 4 Fedora, Enterprise Linux, Storage and 1 more | 2025-11-20 | 5.9 Medium |
| A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. | ||||
| CVE-2025-65022 | 1 Portabilis | 1 I-educar | 2025-11-20 | 7.2 High |
| i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application's database. This vulnerability is caused by the improper handling of the cod_agenda request parameter, which is directly concatenated into multiple SQL queries without proper sanitization. This issue has been patched in commit b473f92. | ||||
| CVE-2025-65023 | 1 Portabilis | 1 I-educar | 2025-11-20 | 7.2 High |
| i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionario_vinculo_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against the application's database. This vulnerability is caused by the improper handling of the cod_funcionario_vinculo GET parameter, which is directly concatenated into an SQL query without proper sanitization. This issue has been patched in commit a00dfa3. | ||||
| CVE-2025-25034 | 1 Sugarcrm | 1 Sugarcrm | 2025-11-20 | N/A |
| A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors. Exploitation evidence was observed by the Shadowserver Foundation on 2024-09-13 UTC. | ||||
| CVE-2025-38274 | 1 Linux | 1 Linux Kernel | 2025-11-20 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference. Fix this by checking the allocation with KUNIT_ASSERT_NOT_ERR_OR_NULL(). | ||||
| CVE-2025-38272 | 1 Linux | 1 Linux Kernel | 2025-11-20 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers. Fix this by checking if the switch actually supports EEE before attempting to configure it. | ||||