Total
35577 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10360 | 1 Moveaddons | 1 Move Addons For Elementor | 2025-01-27 | 4.3 Medium |
| The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||
| CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | 5.9 Medium |
| IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. | ||||
| CVE-2023-32082 | 2 Etcd, Redhat | 2 Etcd, Openstack | 2025-01-24 | 3.1 Low |
| etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. | ||||
| CVE-2023-29195 | 1 Linuxfoundation | 1 Vitess | 2025-01-24 | 4.1 Medium |
| Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server. | ||||
| CVE-2023-0859 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2025-01-24 | 2.2 Low |
| Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | ||||
| CVE-2023-32080 | 1 Pterodactyl | 1 Wings | 2025-01-24 | 9.1 Critical |
| Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`. There are no workarounds aside from upgrading. Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per the Wings documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems with SELinux enabled. It should be noted that this was a known attack vector, for attackers to easily exploit this attack it would require compromising an administrator account on a Panel. However, certain eggs (the data structure that holds the install scripts that get passed to Wings) have an issue where they are unknowingly executing shell commands with escalated privileges provided by untrusted user data. | ||||
| CVE-2023-31914 | 1 Jerryscript | 1 Jerryscript | 2025-01-24 | 5.5 Medium |
| Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | ||||
| CVE-2023-30330 | 1 Softexpert | 1 Excellence Suite | 2025-01-24 | 9.8 Critical |
| SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | ||||
| CVE-2023-29790 | 1 Kodcloud | 1 Kodbox | 2025-01-24 | 7.5 High |
| kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | ||||
| CVE-2022-36329 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2025-01-24 | 4.4 Medium |
| An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | ||||
| CVE-2023-21109 | 1 Google | 1 Android | 2025-01-24 | 7.8 High |
| In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597 | ||||
| CVE-2023-21102 | 2 Google, Redhat | 2 Android, Enterprise Linux | 2025-01-24 | 7.8 High |
| In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel | ||||
| CVE-2023-25772 | 1 Intel | 1 Retail Edge Program | 2025-01-24 | 5 Medium |
| Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-23573 | 1 Intel | 1 Unite | 2025-01-24 | 4.4 Medium |
| Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-2646 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2025-01-24 | 4.5 Medium |
| A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-24540 | 2 Golang, Redhat | 20 Go, Acm, Advanced Cluster Security and 17 more | 2025-01-24 | 9.8 Critical |
| Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | ||||
| CVE-2023-20717 | 2 Google, Mediatek | 26 Android, Mt6768, Mt6769 and 23 more | 2025-01-24 | 4.1 Medium |
| In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185. | ||||
| CVE-2021-0877 | 1 Google | 1 Android | 2025-01-24 | 9.8 Critical |
| Product: AndroidVersions: Android SoCAndroid ID: A-273754094 | ||||
| CVE-2023-29242 | 1 Intel | 6 Oneapi Ai Analytics Toolkit, Oneapi Base Toolkit, Oneapi Dl Framework Developer Toolkit and 3 more | 2025-01-24 | 6.7 Medium |
| Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-30768 | 1 Intel | 128 Server Board S1200btl, Server Board S1200btl Firmware, Server Board S1200btlr and 125 more | 2025-01-24 | 7.1 High |
| Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||