Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-30330 1 Softexpert 1 Excellence Suite 2025-01-24 9.8 Critical
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.
CVE-2023-29790 1 Kodcloud 1 Kodbox 2025-01-24 7.5 High
kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.
CVE-2022-36329 1 Westerndigital 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more 2025-01-24 4.4 Medium
An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
CVE-2023-21109 1 Google 1 Android 2025-01-24 7.8 High
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597
CVE-2023-21102 2 Google, Redhat 2 Android, Enterprise Linux 2025-01-24 7.8 High
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel
CVE-2023-25772 1 Intel 1 Retail Edge Program 2025-01-24 5 Medium
Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-23573 1 Intel 1 Unite 2025-01-24 4.4 Medium
Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2023-2646 1 Tp-link 2 Archer C7, Archer C7 Firmware 2025-01-24 4.5 Medium
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-24540 2 Golang, Redhat 20 Go, Acm, Advanced Cluster Security and 17 more 2025-01-24 9.8 Critical
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
CVE-2023-20717 2 Google, Mediatek 26 Android, Mt6768, Mt6769 and 23 more 2025-01-24 4.1 Medium
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185.
CVE-2021-0877 1 Google 1 Android 2025-01-24 9.8 Critical
Product: AndroidVersions: Android SoCAndroid ID: A-273754094
CVE-2023-29242 1 Intel 6 Oneapi Ai Analytics Toolkit, Oneapi Base Toolkit, Oneapi Dl Framework Developer Toolkit and 3 more 2025-01-24 6.7 Medium
Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-30768 1 Intel 128 Server Board S1200btl, Server Board S1200btl Firmware, Server Board S1200btlr and 125 more 2025-01-24 7.1 High
Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-32075 1 Pimcore 1 Customer Management Framework 2025-01-24 4.3 Medium
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually.
CVE-2024-5913 1 Paloaltonetworks 1 Pan-os 2025-01-24 6.1 Medium
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
CVE-2023-32059 1 Vyperlang 1 Vyper 2025-01-24 7.5 High
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.
CVE-2023-2181 1 Gitlab 1 Gitlab 2025-01-24 6.3 Medium
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.
CVE-2024-28193 1 Yooooomi 1 Your Spotify 2025-01-24 6.5 Medium
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2024-47760 1 Glpi-project 1 Glpi 2025-01-23 8.8 High
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
CVE-2023-27863 2 Ibm, Linux 2 Spectrum Protect, Linux Kernel 2025-01-23 4.4 Medium
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.