| CVE ID | Severity | Description | Published |
|---|---|---|---|
| CVE-2025-2729 | HIGH | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. | 25 Mar 2025 |
| CVE-2025-2728 | HIGH | A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. | 25 Mar 2025 |
| CVE-2025-2727 | HIGH | A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | 25 Mar 2025 |
| CVE-2025-2726 | HIGH | A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. | 25 Mar 2025 |
| CVE-2025-2725 | HIGH | A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | 25 Mar 2025 |
| CVE-2025-2724 | MEDIUM | A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. | 25 Mar 2025 |
| CVE-2025-2723 | MEDIUM | A vulnerability was found in GNOME libgsf up to 1.14.53. It has been rated as critical. This issue affects the function gsf_property_settings_collec. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Attacking locally is a requirement. The vendor was contacted early about this disclosure but did not respond in any way. | 25 Mar 2025 |
| CVE-2025-2722 | MEDIUM | A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. Local access is required to approach this attack. The vendor was contacted early about this disclosure but did not respond in any way. | 25 Mar 2025 |
| CVE-2025-2721 | MEDIUM | A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsf_base64_encode_simple. The manipulation of the argument size_t leads to heap-based buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | 25 Mar 2025 |
| CVE-2025-30741 | N/A | Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance. | 25 Mar 2025 |
| CVE-2025-27837 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. | 25 Mar 2025 |
| CVE-2025-27836 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | 25 Mar 2025 |
| CVE-2025-27835 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | 25 Mar 2025 |
| CVE-2025-27833 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | 25 Mar 2025 |
| CVE-2025-27832 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | 25 Mar 2025 |
| CVE-2025-27831 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | 25 Mar 2025 |
| CVE-2025-27830 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | 25 Mar 2025 |
| CVE-2025-27834 | N/A | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | 25 Mar 2025 |
| CVE-2025-25374 | N/A | In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service. | 25 Mar 2025 |
| CVE-2025-25373 | N/A | The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | 25 Mar 2025 |
| CVE-2025-25372 | N/A | NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. | 25 Mar 2025 |
| CVE-2025-25371 | N/A | NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | 25 Mar 2025 |
| CVE-2024-55030 | N/A | A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | 25 Mar 2025 |
| CVE-2024-55029 | N/A | NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | 25 Mar 2025 |
| CVE-2024-55028 | N/A | A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. | 25 Mar 2025 |
Page 355 of 689