Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2507 1 Octopus 1 Octopus Server 2025-02-05 5.3 Medium
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVE-2022-29608 1 Opennetworking 1 Onos 2025-02-05 7.5 High
An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.
CVE-2023-48747 1 Booster 1 Booster For Woocommerce 2025-02-05 6.5 Medium
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2.
CVE-2023-47504 1 Elementor 1 Website Builder 2025-02-05 7.5 High
Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.
CVE-2023-30611 1 Discourse 1 Reactions 2025-02-05 4.3 Medium
Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue.
CVE-2023-29926 1 Powerjob 1 Powerjob 2025-02-05 9.8 Critical
PowerJob V4.3.2 has unauthorized interface that causes remote code execution.
CVE-2024-54549 1 Apple 1 Macos 2025-02-04 5.5 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
CVE-2024-54512 1 Apple 3 Ipados, Iphone Os, Watchos 2025-02-04 9.1 Critical
The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.2 and iPadOS 18.2. A system binary could be used to fingerprint a user's Apple Account.
CVE-2024-13562 1 Importwp 1 Import Wp 2025-02-04 7.5 High
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files.
CVE-2023-31060 1 Repetier-server 1 Repetier-server 2025-02-04 9.8 Critical
Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.
CVE-2023-2118 1 Devolutions 1 Devolutions Server 2025-02-04 4.3 Medium
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
CVE-2024-11090 1 Stellarwp 1 Membership Plugin - Restrict Content 2025-02-04 5.3 Medium
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2023-0206 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2025-02-04 7.5 High
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
CVE-2023-0202 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2025-02-04 7.5 High
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
CVE-2023-0203 1 Nvidia 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more 2025-02-04 5 Medium
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
CVE-2024-36488 1 Intel 2 Driver \& Support Assistant, Dsa Software 2025-02-04 7.3 High
Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43489 1 Intel 1 Computing Improvement Program 2025-02-04 5.5 Medium
Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-36482 1 Intel 2 Cip Software, Computing Improvement Program 2025-02-04 8.2 High
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-50386 1 Apache 1 Cloudstack 2025-02-04 8.5 High
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
CVE-2024-45761 3 Dell, Linux, Microsoft 3 Openmanage Server Administrator, Linux Kernel, Windows 2025-02-04 5.4 Medium
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.