148 matches found
CVE-2024-25996
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-46894
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...
CVE-2024-56319
In Matter aka connectedhomeip or Project CHIP through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service resource exhaustion...
CVE-2023-20999
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2022-20195
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:...
CVE-2021-21317
uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to...
CVE-2021-1053
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service...
CVE-2020-23895
A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted tiff file...
CVE-2025-30320
CVE-2025-30320 affects Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier. The vulnerability is a NULL pointer dereference that could crash the application and cause a denial of service. Exploitation requires the user to open a malicious file, i.e., user interaction is needed. Remediati...
RHEL 9 : ruby:3.1 (RHSA-2025:4488)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4488 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CVE-2025-3645
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
CVE-2025-3645
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
openSUSE Tumbleweed 安全漏洞
openSUSE Tumbleweed is a desktop and server operating system from openSUSE Germany. A security vulnerability exists in openSUSE Tumbleweed versions prior to 2.5.0-1.1, which stems from an incorrect default privilege that could cause a service user to elevate to root privileges...
CVE-2025-27185 After Effects | NULL Pointer Dereference (CWE-476)
After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this iss...
CVE-2025-27170
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this iss...
CVE-2025-27179 InDesign Desktop | NULL Pointer Dereference (CWE-476)
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of...
LF Edge eKuiper 跨站脚本漏洞
LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A cross-site scripting vulnerability exists in LF Edge eKuiper versions prior to 2.0.8, which originates from a user with Modify Service privileges being able to inject a cross-site scripting payload into...
CVE-2024-42019
A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication...
BIT-MATTERMOST-2024-28949
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service...
CVE-2024-10771
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts...