Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-54038 1 Adobe 1 Connect 2025-01-15 4.3 Medium
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-43729 1 Adobe 1 Experience Manager 2025-01-15 6.5 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-43717 1 Adobe 1 Experience Manager 2025-01-15 4.3 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-43716 1 Adobe 1 Experience Manager 2025-01-15 4.3 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2023-22970 2 Fedoraproject, Usebottles 2 Fedora, Bottles 2025-01-15 7.8 High
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
CVE-2023-21515 1 Samsung 1 Galaxy Store 2025-01-15 7.5 High
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2020-9222 1 Huawei 1 Fusioncompute 2025-01-15 7 High
There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.
CVE-2023-33440 1 Faculty Evaluation System Project 1 Faculty Evaluation System 2025-01-14 7.2 High
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
CVE-2023-33779 1 Xuxueli 1 Xxl-job 2025-01-14 8.8 High
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
CVE-2018-7185 6 Canonical, Hpe, Netapp and 3 more 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more 2025-01-14 7.5 High
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2025-01-14 5.3 Medium
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2018-7184 5 Canonical, Netapp, Ntp and 2 more 10 Ubuntu Linux, Cloud Backup, Steelstore Cloud Integrated Storage and 7 more 2025-01-14 N/A
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
CVE-2022-22680 1 Synology 1 Diskstation Manager 2025-01-14 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2023-31873 1 Gin Project 1 Gin 2025-01-14 7.8 High
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
CVE-2023-30350 1 Fs 2 S3900 24t4s, S3900 24t4s Firmware 2025-01-14 8.8 High
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
CVE-2023-32321 1 Okfn 1 Ckan 2025-01-14 9.8 Critical
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues.
CVE-2020-9236 1 Huawei 1 Fusioncompute 2025-01-14 8.8 High
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.
CVE-2024-54100 1 Huawei 2 Emui, Harmonyos 2025-01-14 6.2 Medium
Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-28153 1 Kiddoware 1 Kiddoware 2025-01-14 6.4 Medium
An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.
CVE-2023-24604 1 Open-xchange 1 Ox App Suite 2025-01-14 4.3 Medium
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.