Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3544 1 Progress 1 Loadmaster 2025-02-03 7.5 High
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
CVE-2024-45331 1 Fortinet 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more 2025-02-03 6.9 Medium
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
CVE-2024-11263 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2025-02-03 9.4 Critical
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
CVE-2023-31178 1 Agilepoint 1 Agilepoint Nx 2025-02-03 8.1 High
AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.
CVE-2021-44476 1 Odoo 1 Odoo 2025-02-03 6.8 Medium
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
CVE-2022-25278 1 Drupal 1 Drupal 2025-02-03 6.5 Medium
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
CVE-2022-3405 3 Acronis, Linux, Microsoft 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more 2025-02-03 8.8 High
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
CVE-2023-30404 1 Aigital 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware 2025-02-03 9.8 Critical
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.
CVE-2023-2291 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2025-02-03 7.8 High
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
CVE-2023-29835 1 Wondershare 1 Dr.fone 2025-02-03 7.8 High
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
CVE-2023-29779 1 Sengled 2 E1e-g7f, E1e-g7f Firmware 2025-02-03 7.5 High
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.
CVE-2023-28087 1 Hp 1 Oneview 2025-02-03 5.5 Medium
An HPE OneView appliance dump may expose OneView user accounts
CVE-2023-28086 1 Hp 1 Oneview 2025-02-03 5.5 Medium
An HPE OneView appliance dump may expose proxy credential settings
CVE-2022-25091 1 Infopop 1 Ultimate Bulletin Board 2025-02-03 5.3 Medium
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.
CVE-2021-44465 1 Odoo 1 Odoo 2025-02-03 4.3 Medium
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.
CVE-2021-23166 1 Odoo 1 Odoo 2025-02-03 8.7 High
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
CVE-2024-4263 1 Lfprojects 1 Mlflow 2025-02-03 5.4 Medium
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
CVE-2024-25943 1 Dell 1 Idrac9 2025-02-03 7.6 High
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
CVE-2024-54557 1 Apple 1 Macos 2025-01-31 7.5 High
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.
CVE-2024-54536 1 Apple 1 Macos 2025-01-31 5.5 Medium
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables.