Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30630 | 2 Nongnu, Redhat | 2 Dmidecode, Enterprise Linux | 2025-03-04 | 7.1 High |
| Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly). | ||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | 4.4 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | ||||
| CVE-2021-33639 | 1 Openatom | 1 Openeuler Kernel | 2025-03-04 | 7.5 High |
| REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. | ||||
| CVE-2024-45426 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-03-04 | 4.9 Medium |
| Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2024-45417 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | 6 Medium |
| Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. | ||||
| CVE-2025-21626 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 5.8 Medium |
| GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. | ||||
| CVE-2024-1619 | 1 Kaspersky | 1 Security | 2025-03-04 | 6.1 Medium |
| Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions. | ||||
| CVE-2024-0819 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-03-03 | 7.3 High |
| Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. | ||||
| CVE-2023-24033 | 1 Samsung | 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more | 2025-03-03 | 7.5 High |
| The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | ||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2025-03-03 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | ||||
| CVE-2023-24579 | 1 Mcafee | 1 Total Protection | 2025-03-03 | 7.8 High |
| McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. | ||||
| CVE-2023-30769 | 1 Dogecoin | 1 Dogecoin | 2025-03-03 | 9.1 Critical |
| Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes. | ||||
| CVE-2023-28141 | 1 Qualys | 1 Cloud Agent | 2025-03-03 | 6.7 Medium |
| An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life. | ||||
| CVE-2023-30540 | 1 Nextcloud | 1 Talk | 2025-03-03 | 3.5 Low |
| Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it is recommended that users upgrad to 15.0.5. There are no known workarounds for this issue. | ||||
| CVE-2025-21126 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-03-03 | 5.5 Medium |
| InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-5354 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 4.3 Medium |
| A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-27119 | 1 Webassembly | 1 Wabt | 2025-02-28 | 5.5 Medium |
| WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. | ||||
| CVE-2023-1084 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 2.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. | ||||
| CVE-2023-0483 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. | ||||
| CVE-2023-0223 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. | ||||