Total
29893 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10408 | 1 Qualcomm | 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8037 and 7 more | 2025-01-09 | 7.8 High |
| QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | ||||
| CVE-2023-28657 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 8.8 High |
| Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user. | ||||
| CVE-2024-6449 | 1 Hyperview | 1 Geoportal Toolkit | 2025-01-09 | 6.5 Medium |
| HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides. | ||||
| CVE-2023-22647 | 1 Suse | 1 Rancher | 2025-01-09 | 9.9 Critical |
| An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | ||||
| CVE-2024-25964 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5.3 Medium |
| Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-25966 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5.3 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-25965 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 6.1 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-43553 | 1 Qualcomm | 262 Ar8035, Ar8035 Firmware, Csr8811 and 259 more | 2025-01-09 | 9.8 Critical |
| Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. | ||||
| CVE-2024-25967 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2024-49603 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 4.3 Medium |
| Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-39470 | 1 Papercut | 1 Papercut Ng | 2025-01-09 | 7.2 High |
| PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965. | ||||
| CVE-2022-43841 | 1 Ibm | 1 Aspera Console | 2025-01-08 | 4 Medium |
| IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 239078. | ||||
| CVE-2024-24901 | 1 Dell | 1 Powerscale Onefs | 2025-01-08 | 3 Low |
| Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period. | ||||
| CVE-2024-31904 | 1 Ibm | 1 App Connect Enterprise | 2025-01-07 | 6.5 Medium |
| IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | ||||
| CVE-2023-0508 | 1 Gitlab | 1 Gitlab | 2025-01-07 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API. | ||||
| CVE-2023-34958 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | 4.3 Medium |
| Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. | ||||
| CVE-2023-34962 | 1 Chamilo | 1 Chamilo Lms | 2025-01-06 | 8.1 High |
| Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. | ||||
| CVE-2023-33847 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2025-01-06 | 3.7 Low |
| IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. | ||||
| CVE-2023-30766 | 1 Kbdevice | 12 Kb-ahr04d, Kb-ahr04d Firmware, Kb-ahr08d and 9 more | 2025-01-06 | 9.8 Critical |
| Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A. | ||||
| CVE-2024-30372 | 1 Alltena | 1 Allegra | 2025-01-03 | 6.3 Medium |
| Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of getLinkText method. The issue results from the lack of proper validation of a user-supplied string before processing it with the template engine. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23609. | ||||