Export limit exceeded: 11157 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29580 | 1 Yasm Project | 1 Yasm | 2025-02-08 | 5.5 Medium |
| yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. | ||||
| CVE-2023-26458 | 1 Sap | 1 Landscape Management | 2025-02-07 | 6.8 Medium |
| An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system. | ||||
| CVE-2024-2223 | 1 Bitdefender | 2 Endpoint Security, Gravityzone Control Center | 2025-02-07 | 8.1 High |
| An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 | ||||
| CVE-2024-32685 | 1 Wpmet | 1 Wp Ultimate Review | 2025-02-07 | 5.3 Medium |
| Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | ||||
| CVE-2023-6317 | 1 Lg | 5 Lg43um7000pla, Oled48c1pub, Oled55a23la and 2 more | 2025-02-07 | 7.2 High |
| A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA | ||||
| CVE-2023-26263 | 1 Talend | 1 Data Catalog | 2025-02-07 | 5.5 Medium |
| All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. | ||||
| CVE-2023-25954 | 3 Kyocera, Olivetti, Triumph-adler | 3 Mobile Print, Mobile Print, Mobile Print | 2025-02-07 | 5.5 Medium |
| KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification. | ||||
| CVE-2023-22950 | 1 Tigergraph | 1 Tigergraph | 2025-02-07 | 6.5 Medium |
| An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations. | ||||
| CVE-2022-45175 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | 6.5 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file. | ||||
| CVE-2023-29192 | 1 Silverwaregames | 1 Silverwaregames | 2025-02-07 | 2.7 Low |
| SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19. | ||||
| CVE-2018-17449 | 1 Gitlab | 1 Gitlab | 2025-02-07 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. | ||||
| CVE-2023-6154 | 1 Bitdefender | 4 Antivirus, Antivirus Plus, Internet Security and 1 more | 2025-02-07 | 7.8 High |
| A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Security: 27.0.25.114; Antivirus Plus: 27.0.25.114; Antivirus Free: 27.0.25.114. | ||||
| CVE-2023-28828 | 1 Siemens | 1 Polarion Alm | 2025-02-07 | 5.9 Medium |
| A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | ||||
| CVE-2023-28062 | 1 Dell | 1 Powerprotect Data Manager | 2025-02-07 | 8.8 High |
| Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. | ||||
| CVE-2023-26264 | 1 Talend | 1 Data Catalog | 2025-02-07 | 5.5 Medium |
| All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. | ||||
| CVE-2024-46978 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2025-02-07 | 6.5 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. | ||||
| CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2025-02-06 | 5.5 Medium |
| There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. | ||||
| CVE-2018-17455 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 7.5 High |
| An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature. | ||||
| CVE-2023-45808 | 1 Combodo | 1 Itop | 2025-02-06 | 4.1 Medium |
| iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0. | ||||
| CVE-2024-30387 | 1 Juniper | 3 Acx5448, Acx710, Junos | 2025-02-06 | 6.5 Medium |
| A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: * All versions before 20.4R3-S9, * 21.2 versions before 21.2R3-S5, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S2, * 22.2 versions before 22.2R3-S2, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2. | ||||