Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29580 1 Yasm Project 1 Yasm 2025-02-08 5.5 Medium
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.
CVE-2023-29574 1 Axiosys 1 Bento4 2025-02-08 5.5 Medium
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.
CVE-2023-29571 1 Cesanta 1 Mjs 2025-02-08 5.5 Medium
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2022-45180 1 Liveboxcloud 1 Vdesk 2025-02-07 6.5 Medium
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator).
CVE-2022-45178 1 Liveboxcloud 1 Vdesk 2025-02-07 8.8 High
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.
CVE-2024-20864 1 Samsung 1 Android 2025-02-07 5.5 Medium
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.
CVE-2024-20855 1 Samsung 1 Android 2025-02-07 2.4 Low
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.
CVE-2024-39557 1 Juniper 1 Junos Os Evolved 2025-02-07 6.5 Medium
An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak.  Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command: user@device> show platform application-info allocations app l2ald-agent EVL Object Allocation Statistics: Node   Application     Context Name                               Live   Allocs   Fails     Guids re0   l2ald-agent               net::juniper::rtnh::L2Rtinfo       1069096 1069302   0         1069302 re0   l2ald-agent               net::juniper::rtnh::NHOpaqueTlv     114     195       0         195 This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
CVE-2024-5868 1 Wpwebelite 1 Woocommerce Social Login 2025-02-07 6.5 Medium
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
CVE-2024-39513 1 Juniper 1 Junos Os Evolved 2025-02-07 5.5 Medium
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts. The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition. This issue affects Junos OS Evolved:  * All versions before 20.4R3-S9-EVO,  * from 21.2-EVO before 21.2R3-S7-EVO,  * from 21.3-EVO before 21.3R3-S5-EVO,  * from 21.4-EVO before 21.4R3-S6-EVO,  * from 22.1-EVO before 22.1R3-S4-EVO,  * from 22.2-EVO before 22.2R3-S3-EVO,  * from 22.3-EVO before 22.3R3-S3-EVO,  * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
CVE-2023-28808 1 Hikvision 20 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 17 more 2025-02-07 9.1 Critical
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
CVE-2024-0631 1 Duitku 1 Duitku Payment Gateway 2025-02-07 5.3 Medium
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.
CVE-2023-29189 1 Sap 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui 2025-02-07 5.4 Medium
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields
CVE-2024-39511 1 Juniper 1 Junos 2025-02-07 5.5 Medium
An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly. When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts. This issue affects Junos OS: * All versions before 20.4R3-S10; * 21.2 versions before 21.2R3-S7; * 21.4 versions before 21.4R3-S6; * 22.1 versions before 22.1R3-S5; * 22.2 versions before 22.2R3-S3; * 22.3 versions before 22.3R3-S2; * 22.4 versions before 22.4R3-S1; * 23.2 versions before 23.2R2.
CVE-2024-2088 1 Nextscripts 1 Social Networks Auto Poster 2025-02-07 8.5 High
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets.
CVE-2024-20847 1 Samsung 1 Android 2025-02-07 4 Medium
Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.
CVE-2023-30636 1 Tikv 1 Tikv 2025-02-07 7.5 High
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is exceeded
CVE-2023-30635 1 Tikv 1 Tikv 2025-02-07 7.5 High
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver.
CVE-2023-30524 1 Jenkins 1 Report Portal 2025-02-07 4.3 Medium
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-20866 1 Vmware 1 Spring Session 2025-02-07 6.5 Medium
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.