Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47984 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 4.4 MEDIUM |
|
Dell RecoverPoint for Virtual Machines 6.0.x contains a Denial of Service vulnerability. A user with remote access could potentially exploit this vulnerability, leading to a disruption of most functionalities of the RPA that persists after reboot and requires technical support intervention to return the system to a stable state.
|
|||||
| CVE-2024-24902 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 6.6 MEDIUM |
|
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.
|
|||||
| CVE-2024-47238 | 1 Dell | 16 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 3001 and 13 more | 2025-02-04 | N/A | 7.5 HIGH |
|
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
|
|||||
| CVE-2024-29961 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | N/A | 8.2 HIGH |
|
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
|
|||||
| CVE-2025-22395 | 1 Dell | 1 Update Package Framework | 2025-02-04 | N/A | 8.2 HIGH |
|
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.
|
|||||
| CVE-2023-2282 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2025-02-04 | N/A | 6.5 MEDIUM |
|
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
|
|||||
| CVE-2024-23450 | 1 Elastic | 1 Elasticsearch | 2025-02-04 | N/A | 4.9 MEDIUM |
|
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
|
|||||
| CVE-2024-3544 | 1 Progress | 1 Loadmaster | 2025-02-03 | N/A | 7.5 HIGH |
|
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
|
|||||
| CVE-2024-45331 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-02-03 | N/A | 7.3 HIGH |
|
An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows an attacker to escalate privileges via specific shell commands.
|
|||||
| CVE-2024-11263 | 1 Zephyrproject | 1 Zephyr | 2025-02-03 | N/A | 9.3 CRITICAL |
|
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
|
|||||
| CVE-2022-25278 | 1 Drupal | 1 Drupal | 2025-02-03 | N/A | 6.5 MEDIUM |
|
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
|
|||||
| CVE-2023-30404 | 1 Aigital | 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware | 2025-02-03 | N/A | 9.8 CRITICAL |
|
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.
|
|||||
| CVE-2023-2291 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-02-03 | N/A | 7.8 HIGH |
|
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
|
|||||
| CVE-2023-29835 | 1 Wondershare | 1 Dr.fone | 2025-02-03 | N/A | 7.8 HIGH |
|
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
|
|||||
| CVE-2023-29779 | 1 Sengled | 2 E1e-g7f, E1e-g7f Firmware | 2025-02-03 | N/A | 7.5 HIGH |
|
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.
|
|||||
| CVE-2023-28087 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 5.5 MEDIUM |
|
An HPE OneView appliance dump may expose OneView user accounts
|
|||||
| CVE-2023-28086 | 1 Hp | 1 Oneview | 2025-02-03 | N/A | 5.5 MEDIUM |
|
An HPE OneView appliance dump may expose proxy credential settings
|
|||||
| CVE-2023-24796 | 1 Vinga | 2 Wr-ac1200, Wr-ac1200 Firmware | 2025-02-03 | N/A | 9.8 CRITICAL |
|
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.
|
|||||
| CVE-2022-25091 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-02-03 | N/A | 5.3 MEDIUM |
|
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.
|
|||||
| CVE-2021-44465 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 4.3 MEDIUM |
|
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.
|
|||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 8.7 HIGH |
|
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
|
|||||
| CVE-2024-26917 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-02-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
This reverts commit 1a1975551943f681772720f639ff42fbaa746212.
This commit causes interrupts to be lost for FCoE devices, since it changed
spin locks from "bh" to "irqsave".
Instead, a work queue should be used, and will be addressed in a separate
commit.
|
|||||
| CVE-2024-4263 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | N/A | 5.4 MEDIUM |
|
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege u ...
|
|||||
| CVE-2024-25943 | 1 Dell | 1 Idrac9 | 2025-02-03 | N/A | 7.6 HIGH |
|
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
|
|||||
| CVE-2024-50157 | 1 Linux | 1 Linux Kernel | 2025-02-02 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
Driver waits indefinitely for the fifo occupancy to go below a threshold
as soon as the pacing interrupt is received. This can cause soft lockup on
one of the processors, if the rate of DB is very high.
Add a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th
if the loop is taking more time. Pacing will be continuing until the
occupancy is below th ...
|
|||||
| CVE-2024-54557 | 1 Apple | 1 Macos | 2025-01-31 | N/A | 7.5 HIGH |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.
|
|||||
| CVE-2024-54536 | 1 Apple | 1 Macos | 2025-01-31 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables.
|
|||||
| CVE-2024-54516 | 1 Apple | 1 Macos | 2025-01-31 | N/A | 3.3 LOW |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.
|
|||||
| CVE-2024-57726 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | N/A | 9.9 CRITICAL |
|
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
|
|||||
| CVE-2022-37326 | 1 Docker | 1 Desktop | 2025-01-31 | N/A | 7.8 HIGH |
|
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
|
|||||
| CVE-2024-12102 | 1 Seventhqueen | 1 Typer Core | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
|
|||||
| CVE-2023-30349 | 1 Jflyfox | 1 Jfinal Cms | 2025-01-31 | N/A | 9.8 CRITICAL |
|
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
|
|||||
| CVE-2023-28770 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2025-01-31 | N/A | 7.5 HIGH |
|
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.
|
|||||
| CVE-2024-12861 | 1 Villatheme | 1 W2s | 2025-01-31 | N/A | 6.5 MEDIUM |
|
The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2024-13646 | 1 Aakashbhagat | 1 Single User Chat | 2025-01-31 | N/A | 8.1 HIGH |
|
The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update option values to 'login' on the WordPress site. This may be leveraged to update an option that would create an error on the site and deny service ...
|
|||||
| CVE-2023-35685 | 1 Google | 1 Android | 2025-01-31 | N/A | 7.8 HIGH |
|
In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-33244 | 1 Obsidian | 1 Obsidian | 2025-01-31 | N/A | 8.2 HIGH |
|
Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.
|
|||||
| CVE-2024-25046 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.
|
|||||
| CVE-2024-13671 | 1 Partitionnumerique | 1 Music Sheet Viewer | 2025-01-31 | N/A | 7.5 HIGH |
|
The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2024-33503 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-01-31 | N/A | 6.7 MEDIUM |
|
Improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges via specific shell commands.
|
|||||