Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-26280 1 Ibm 1 Jazz Foundation 2025-01-16 5.3 Medium
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
CVE-2023-20882 1 Cloudfoundry 2 Cf-deployment, Routing Release 2025-01-16 5.9 Medium
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.
CVE-2024-37966 1 Microsoft 4 Sql Server, Sql Server 2017, Sql Server 2019 and 1 more 2025-01-15 7.1 High
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2023-31227 1 Huawei 1 Emui 2025-01-15 7.5 High
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
CVE-2024-43755 1 Adobe 1 Experience Manager 2025-01-15 3.5 Low
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
CVE-2024-43731 1 Adobe 1 Experience Manager 2025-01-15 4.3 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-52831 1 Adobe 1 Experience Manager 2025-01-15 3.5 Low
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
CVE-2024-54038 1 Adobe 1 Connect 2025-01-15 4.3 Medium
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-43729 1 Adobe 1 Experience Manager 2025-01-15 6.5 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-43717 1 Adobe 1 Experience Manager 2025-01-15 4.3 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-43716 1 Adobe 1 Experience Manager 2025-01-15 4.3 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2023-22970 2 Fedoraproject, Usebottles 2 Fedora, Bottles 2025-01-15 7.8 High
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
CVE-2023-21515 1 Samsung 1 Galaxy Store 2025-01-15 7.5 High
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2020-9222 1 Huawei 1 Fusioncompute 2025-01-15 7 High
There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.
CVE-2023-33440 1 Faculty Evaluation System Project 1 Faculty Evaluation System 2025-01-14 7.2 High
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
CVE-2023-33779 1 Xuxueli 1 Xxl-job 2025-01-14 8.8 High
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
CVE-2022-22680 1 Synology 1 Diskstation Manager 2025-01-14 5.3 Medium
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2018-7184 5 Canonical, Netapp, Ntp and 2 more 10 Ubuntu Linux, Cloud Backup, Steelstore Cloud Integrated Storage and 7 more 2025-01-14 N/A
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2025-01-14 5.3 Medium
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2018-7185 6 Canonical, Hpe, Netapp and 3 more 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more 2025-01-14 7.5 High
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.