Total
32208 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54497 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-02-04 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service. | |||||
| CVE-2021-3129 | 2 Facade, Laravel | 2 Ignition, Laravel | 2025-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. | |||||
| CVE-2024-13562 | 1 Importwp | 1 Import Wp | 2025-02-04 | N/A | 7.5 HIGH |
| The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files. | |||||
| CVE-2023-31060 | 1 Repetier-server | 1 Repetier-server | 2025-02-04 | N/A | 9.8 CRITICAL |
| Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise. | |||||
| CVE-2023-2118 | 1 Devolutions | 1 Devolutions Server | 2025-02-04 | N/A | 5.4 MEDIUM |
| Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. | |||||
| CVE-2024-11090 | 1 Stellarwp | 1 Membership Plugin - Restrict Content | 2025-02-04 | N/A | 5.3 MEDIUM |
| The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2024-36488 | 1 Intel | 1 Driver \& Support Assistant | 2025-02-04 | N/A | 7.3 HIGH |
| Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-43489 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 5.5 MEDIUM |
| Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-36482 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 8.2 HIGH |
| Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-50386 | 1 Apache | 1 Cloudstack | 2025-02-04 | N/A | 8.5 HIGH |
| Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done | |||||
| CVE-2024-45761 | 3 Dell, Linux, Microsoft | 3 Openmanage Server Administrator, Linux Kernel, Windows | 2025-02-04 | N/A | 5.4 MEDIUM |
| Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. | |||||
| CVE-2024-0172 | 1 Dell | 186 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 183 more | 2025-02-04 | N/A | 7.9 HIGH |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | |||||
| CVE-2024-0161 | 1 Dell | 172 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 169 more | 2025-02-04 | N/A | 7.2 HIGH |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | |||||
| CVE-2024-22459 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 6.8 MEDIUM |
| Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace | |||||
| CVE-2024-30473 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 4.9 MEDIUM |
| Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | |||||
| CVE-2023-2250 | 1 Linuxfoundation | 1 Open Cluster Management | 2025-02-04 | N/A | 6.7 MEDIUM |
| A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | |||||
| CVE-2023-29570 | 1 Cesanta | 1 Mjs | 2025-02-04 | N/A | 5.5 MEDIUM |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2023-20871 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-02-04 | N/A | 7.8 HIGH |
| VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. | |||||
| CVE-2024-28963 | 1 Dell | 2 Telemetry Dashboard, Thinos | 2025-02-04 | N/A | 6.2 MEDIUM |
| Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | |||||
| CVE-2025-0849 | 1 Campcodes | 1 School Management Software | 2025-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||