Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-26371 1 Amd 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more 2025-01-28 5.5 Medium
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2023-29752 1 Ekatox 1 Facemoji Emoji Keyboard 2025-01-28 7.8 High
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
CVE-2023-25650 1 Zte 1 Zxcloud Irai 2025-01-28 6.5 Medium
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.
CVE-2023-27510 1 Jubei 1 Jb Inquiry Form 2025-01-28 5.3 Medium
JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40.
CVE-2023-22361 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2025-01-28 4.3 Medium
Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.
CVE-2023-27563 1 N8n 1 N8n 2025-01-27 8.8 High
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.
CVE-2023-31587 1 Tenda 2 Ac5, Ac5 Firmware 2025-01-27 9.8 Critical
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVE-2023-31471 1 Gl-inet 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more 2025-01-27 9.8 Critical
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
CVE-2023-31555 1 Podofo Project 1 Podofo 2025-01-27 6.5 Medium
podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
CVE-2023-1096 1 Netapp 1 Snapcenter 2025-01-27 9.8 Critical
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
CVE-2022-36937 1 Facebook 1 Hhvm 2025-01-27 9.8 Critical
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
CVE-2022-26840 1 Intel 1 Quartus Prime 2025-01-27 7.3 High
Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-30258 1 Eprosima 1 Fast Dds 2025-01-27 8.2 High
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
CVE-2023-20880 1 Vmware 2 Aria Operations, Cloud Foundation 2025-01-27 6.7 Medium
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2023-20877 1 Vmware 2 Cloud Foundation, Vrealize Operations 2025-01-27 8.8 High
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2022-38056 1 Intel 1 Endpoint Management Assistant 2025-01-27 3.8 Low
Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access.
CVE-2022-36339 1 Intel 26 Cm11ebc4w, Cm11ebc4w Firmware, Cm11ebi38w and 23 more 2025-01-27 7.5 High
Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-34147 1 Intel 82 Cm8ccb4r, Cm8ccb4r Firmware, Cm8i3cb4n and 79 more 2025-01-27 7.5 High
Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-22312 1 Intel 82 Lapkc51e, Lapkc51e Firmware, Lapkc71e and 79 more 2025-01-27 7.2 High
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-32766 1 Intel 2 Compute Stick Stk2mv64cc, Compute Stick Stk2mv64cc Firmware 2025-01-27 7.2 High
Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.