Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22459 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | 6.8 Medium |
| Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace | ||||
| CVE-2024-30473 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | 4.9 Medium |
| Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | ||||
| CVE-2023-2250 | 1 Linuxfoundation | 1 Open Cluster Management | 2025-02-04 | 6.7 Medium |
| A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | ||||
| CVE-2023-29570 | 1 Cesanta | 1 Mjs | 2025-02-04 | 5.5 Medium |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | ||||
| CVE-2023-20871 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-02-04 | 7.8 High |
| VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. | ||||
| CVE-2024-28963 | 1 Dell | 2 Telemetry Dashboard, Thinos | 2025-02-04 | 6.2 Medium |
| Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | ||||
| CVE-2025-0849 | 1 Campcodes | 1 School Management Software | 2025-02-04 | 6.3 Medium |
| A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-26560 | 1 Northern.tech | 1 Cfengine | 2025-02-04 | 6.5 Medium |
| Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | ||||
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2025-02-04 | 7.8 High |
| Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. | ||||
| CVE-2024-38296 | 1 Dell | 4 Edge Gateway 3200, Edge Gateway 5200, Edge Gateway 5200 Firmware and 1 more | 2025-02-04 | 6.7 Medium |
| Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | ||||
| CVE-2024-47984 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | 4.4 Medium |
| Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state. | ||||
| CVE-2024-24902 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | 6.6 Medium |
| Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time. | ||||
| CVE-2024-47238 | 1 Dell | 16 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 3001 and 13 more | 2025-02-04 | 7.5 High |
| Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | ||||
| CVE-2024-29961 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 8.2 High |
| A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance. | ||||
| CVE-2025-22395 | 1 Dell | 1 Update Package Framework | 2025-02-04 | 8.2 High |
| Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. | ||||
| CVE-2023-2282 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2025-02-04 | 3.1 Low |
| Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector. | ||||
| CVE-2023-23839 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-04 | 6.5 Medium |
| The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | ||||
| CVE-2024-3544 | 1 Progress | 1 Loadmaster | 2025-02-03 | 7.5 High |
| Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. | ||||
| CVE-2024-45331 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2025-02-03 | 6.9 Medium |
| A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands | ||||
| CVE-2024-11263 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2025-02-03 | 9.4 Critical |
| When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols. | ||||