Export limit exceeded: 366369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0635 1 Abb 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more 2025-01-08 7.8 High
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.
CVE-2022-4569 1 Lenovo 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware 2025-01-08 7.8 High
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
CVE-2023-33653 1 Sitecore 1 Experience Platform 2025-01-08 8.8 High
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
CVE-2023-2961 1 Advancemame 1 Advancecomp 2025-01-07 3.3 Low
A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.
CVE-2023-1621 1 Gitlab 1 Gitlab 2025-01-07 6.5 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address.
CVE-2024-21259 1 Oracle 1 Vm Virtualbox 2025-01-07 7.5 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2023-1779 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2025-01-07 4.3 Medium
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
CVE-2023-41718 2 Ivanti, Microsoft 2 Secure Access Client, Windows 2025-01-07 7.8 High
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
CVE-2023-38543 2 Ivanti, Microsoft 2 Secure Access Client, Windows 2025-01-07 7.8 High
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
CVE-2023-35080 2 Ivanti, Microsoft 2 Secure Access Client, Windows 2025-01-07 7.8 High
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
CVE-2023-2589 1 Gitlab 1 Gitlab 2025-01-07 5.9 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.
CVE-2023-2013 1 Gitlab 1 Gitlab 2025-01-07 2.6 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
CVE-2023-2001 1 Gitlab 1 Gitlab 2025-01-07 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code.
CVE-2022-31693 2 Microsoft, Vmware 2 Windows, Tools 2025-01-07 5.5 Medium
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
CVE-2024-43416 1 Glpi-project 1 Glpi 2025-01-07 7.5 High
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.
CVE-2024-37147 1 Glpi-project 1 Glpi 2025-01-07 4.3 Medium
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.
CVE-2024-52001 1 Combodo 1 Itop 2025-01-07 4.3 Medium
Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-37980 1 Microsoft 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more 2025-01-07 8.8 High
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-43474 1 Microsoft 3 Sql Server, Sql Server 2017, Sql Server 2019 2025-01-07 7.6 High
Microsoft SQL Server Information Disclosure Vulnerability
CVE-2023-38946 1 Multilaser 2 Re160, Re160 Firmware 2025-01-07 8.8 High
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie.