Total
1371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0064 | 2025-02-18 | N/A | 8.7 HIGH | ||
| Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability. | |||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2025-02-18 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | |||||
| CVE-2023-38037 | 2025-02-15 | N/A | 5.5 MEDIUM | ||
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
| CVE-2021-23874 | 1 Mcafee | 1 Total Protection | 2025-02-14 | 4.6 MEDIUM | 8.2 HIGH |
| Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. | |||||
| CVE-2023-0944 | 1 Imaworldhealth | 1 Bhima | 2025-02-13 | N/A | 4.3 MEDIUM |
| Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. | |||||
| CVE-2023-50292 | 1 Apache | 1 Solr | 2025-02-13 | N/A | 7.5 HIGH |
| Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | |||||
| CVE-2022-22960 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2025-02-12 | 7.2 HIGH | 7.8 HIGH |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'. | |||||
| CVE-2023-24626 | 1 Gnu | 1 Screen | 2025-02-12 | N/A | 6.5 MEDIUM |
| socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | |||||
| CVE-2022-43309 | 1 Supermicro | 292 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 289 more | 2025-02-11 | N/A | 5.5 MEDIUM |
| Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | |||||
| CVE-2025-23403 | 2025-02-11 | N/A | 7.0 HIGH | ||
| A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures. | |||||
| CVE-2023-1939 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-10 | N/A | 4.3 MEDIUM |
| No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. | |||||
| CVE-2023-30512 | 1 Linuxfoundation | 1 Cubefs | 2025-02-07 | N/A | 6.5 MEDIUM |
| CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | |||||
| CVE-2024-25645 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-02-07 | N/A | 5.3 MEDIUM |
| Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application. | |||||
| CVE-2024-28163 | 1 Sap | 1 Netweaver Process Integration | 2025-02-07 | N/A | 5.3 MEDIUM |
| Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | |||||
| CVE-2025-0374 | 2025-02-07 | N/A | 6.5 MEDIUM | ||
| When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved. | |||||
| CVE-2025-21325 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more | 2025-02-07 | N/A | 7.8 HIGH |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | |||||
| CVE-2024-57520 | 2025-02-06 | N/A | 9.8 CRITICAL | ||
| Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function | |||||
| CVE-2024-57068 | 2025-02-06 | N/A | 7.5 HIGH | ||
| A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2023-28123 | 1 Ui | 1 Desktop | 2025-02-05 | N/A | 5.5 MEDIUM |
| A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | |||||
| CVE-2024-45657 | 2025-02-04 | N/A | 5.0 MEDIUM | ||
| IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | |||||