Export limit exceeded: 34583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5522 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26646 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-05-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the second memory buffer may differ from the one allocated by the image kernel. When the restore kernel transfers control to the image kernel, its HFI buffer becomes invalid, potentially leading to memory corruption if the hardware writes to it (the hardware continues to use the buffer from the restore kernel). It is also possible that the hardware "forgets" the address of the memory buffer when resuming from "deep" suspend. Memory corruption may also occur in such a scenario. To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU (packages of non-boot CPUs are handled via CPU offline). Syscore ops always run on the boot CPU. Additionally, HFI only needs to be disabled during "deep" suspend and hibernation. Syscore ops only run in these cases. [ rjw: Comment adjustment, subject and changelog edits ] | ||||
| CVE-2021-47374 | 1 Linux | 1 Linux Kernel | 2025-05-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reached several millions of times per second, causing spam to the kernel's printk buffer and bringing the CPU usage up to 100% (so, it should be rate limited). However, since there is at least one driver that is in the mainline and suffers from the error condition, it is more useful to err_printk() here instead of just rate limiting the error message (in hopes that it will make it easier for other drivers that suffer from this issue to be spotted). | ||||
| CVE-2022-41846 | 1 Axiosys | 1 Bento4 | 2025-05-20 | 5.5 Medium |
| An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | ||||
| CVE-2022-41845 | 1 Axiosys | 1 Bento4 | 2025-05-20 | 5.5 Medium |
| An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. | ||||
| CVE-2022-41870 | 1 Innovaphone | 1 Innovaphone Firmware | 2025-05-20 | 7.2 High |
| AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | ||||
| CVE-2022-3364 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | ||||
| CVE-2022-3371 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | ||||
| CVE-2022-34430 | 1 Dell | 1 Hybrid Client | 2025-05-19 | 7.1 High |
| Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | ||||
| CVE-2022-34432 | 1 Dell | 1 Hybrid Client | 2025-05-19 | 7.3 High |
| Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | ||||
| CVE-2025-45798 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-05-19 | 6.5 Medium |
| A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter. | ||||
| CVE-2025-4747 | 2025-05-16 | 6.3 Medium | ||
| A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-0291 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-05-16 | 6.3 Medium |
| A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-42160 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2025-05-16 | 8.8 High |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | ||||
| CVE-2022-32149 | 2 Golang, Redhat | 10 Text, Acm, Container Native Virtualization and 7 more | 2025-05-15 | 7.5 High |
| An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. | ||||
| CVE-2024-23749 | 1 9bis | 1 Kitty | 2025-05-15 | 7.8 High |
| KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | ||||
| CVE-2024-22107 | 1 Gttb | 1 Gtb Central Console | 2025-05-15 | 7.2 High |
| An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform. | ||||
| CVE-2023-41281 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-05-15 | 5.5 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2022-42897 | 1 Arraynetworks | 15 Ag1000, Ag1000t, Ag1000v5 and 12 more | 2025-05-15 | 9.8 Critical |
| Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | ||||
| CVE-2022-42161 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2025-05-15 | 8.8 High |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | ||||
| CVE-2022-42906 | 2 Debian, Powerline Gitstatus Project | 2 Debian Linux, Powerline Gitstatus | 2025-05-15 | 7.8 High |
| powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001. | ||||