Search

Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48493 1 Yiiframework 1 Yii2-redis 2025-09-18 6.5 Medium
The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
CVE-2024-36025 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux, Rhel Aus and 3 more 2025-09-18 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption.
CVE-2022-48643 1 Linux 1 Linux Kernel 2025-09-18 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter at nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter: nf_tables: do not leave chain stats enabled on error") missed that nf_tables_chain_destroy() after nft_basechain_init() in the error path of nf_tables_addchain() decrements the counter because nft_basechain_init() makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag. Increment the counter immediately after returning from nft_basechain_init().
CVE-2025-23252 1 Nvidia 1 Nvdebug 2025-09-18 4.5 Medium
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2023-52647 1 Linux 1 Linux Kernel 2025-09-18 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access When translating source to sink streams in the crossbar subdev, the driver tries to locate the remote subdev connected to the sink pad. The remote pad may be NULL, if userspace tries to enable a stream that ends at an unconnected crossbar sink. When that occurs, the driver dereferences the NULL pad, leading to a crash. Prevent the crash by checking if the pad is NULL before using it, and return an error if it is.
CVE-2025-54237 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-09-18 5.5 Medium
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-6375 1 Pocoproject 1 Poco 2025-09-18 3.3 Low
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.
CVE-2025-6499 1 Vstakhov 1 Libucl 2025-09-18 3.3 Low
A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2024-9136 1 Huawei 2 Emui, Harmonyos 2025-09-18 6.7 Medium
Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-56434 1 Huawei 2 Emui, Harmonyos 2025-09-18 4.4 Medium
UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.
CVE-2024-54113 1 Huawei 1 Harmonyos 2025-09-18 6.5 Medium
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption.
CVE-2024-54112 1 Huawei 1 Harmonyos 2025-09-18 5.5 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54110 1 Huawei 1 Harmonyos 2025-09-18 6.2 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54109 1 Huawei 1 Harmonyos 2025-09-18 6.5 Medium
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54108 1 Huawei 1 Harmonyos 2025-09-18 6.5 Medium
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54107 1 Huawei 1 Harmonyos 2025-09-18 7.1 High
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54103 1 Huawei 1 Harmonyos 2025-09-18 6.1 Medium
Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54099 1 Huawei 2 Emui, Harmonyos 2025-09-18 6.7 Medium
File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-51525 1 Huawei 1 Harmonyos 2025-09-18 6.2 Medium
Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-51516 1 Huawei 1 Harmonyos 2025-09-18 6.2 Medium
Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally.