Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23314 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2025-01-23 7.5 High
When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2023-26044 1 Reactphp 1 Http 2025-01-23 5.3 Medium
react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.
CVE-2023-43748 1 Intel 2 Graphics Performance Analyzer, Graphics Performance Analyzers Framework 2025-01-23 7.8 High
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40071 1 Intel 1 Graphics Performance Analyzers 2025-01-23 7.3 High
Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-31679 1 Videogo Project 1 Videogo 2025-01-23 7.5 High
Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter.
CVE-2023-31678 1 Videogo Project 1 Videogo 2025-01-23 5.3 Medium
Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended.
CVE-2023-31677 1 Luowice 1 Luowice 2025-01-23 7.5 High
Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter.
CVE-2023-29927 1 Sage 1 Sage 300 2025-01-23 4.3 Medium
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls.
CVE-2023-28078 1 Dell 1 Smartfabric Os10 2025-01-23 9.1 Critical
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-32484 1 Dell 1 Enterprise Sonic Distribution 2025-01-23 9.8 Critical
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-39244 1 Dell 1 Enterprise Storage Integrator For Sap Landscape Management 2025-01-23 7.3 High
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
CVE-2023-39245 1 Dell 1 Enterprise Storage Integrator For Sap Landscape Management 2025-01-23 9.8 Critical
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
CVE-2024-0622 1 Microfocus 1 Operations Agent 2025-01-23 8.8 High
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. 
CVE-2024-25979 2 Fedoraproject, Moodle 2 Fedora, Moodle 2025-01-23 5.3 Medium
The URL parameters accepted by forum search were not limited to the allowed parameters.
CVE-2024-25980 2 Fedoraproject, Moodle 3 Fedora, H5p, Moodle 2025-01-23 4.3 Medium
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25981 2 Fedoraproject, Moodle 2 Fedora, Moodle 2025-01-23 4.3 Medium
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
CVE-2023-30281 1 Storecommander 1 Scquickaccounting 2025-01-23 7.5 High
Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email
CVE-2024-21590 1 Juniper 1 Junos Os Evolved 2025-01-23 5.3 Medium
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.
CVE-2023-31572 1 Bludit 1 Bludit 2025-01-23 8.8 High
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.
CVE-2023-24934 1 Microsoft 1 Malware Protection Platform 2025-01-23 6.2 Medium
Microsoft Defender Security Feature Bypass Vulnerability