Total
2666 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29256 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-02-13 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046. | ||||
| CVE-2023-27558 | 2 Ibm, Microsoft | 3 Db2, Db2 Windows, Windows | 2025-02-13 | 8.4 High |
| IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194. | ||||
| CVE-2021-26697 | 1 Apache | 1 Airflow | 2025-02-13 | 5.3 Medium |
| The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. | ||||
| CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-02-13 | N/A |
| A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | ||||
| CVE-2018-1495 | 1 Ibm | 4 Flashsystem 840, Flashsystem 840 Firmware, Flashsystem 900 and 1 more | 2025-02-13 | N/A |
| IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. | ||||
| CVE-2023-20680 | 2 Google, Mediatek | 22 Android, Mt6779, Mt6781 and 19 more | 2025-02-12 | 6.7 Medium |
| In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. | ||||
| CVE-2023-1762 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-12 | 8.8 High |
| Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2024-34370 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-12 | 7.2 High |
| Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | ||||
| CVE-2023-51546 | 1 Webtoffee | 1 Woocommerce Pdf Invoices\, Packing Slips\, Delivery Notes And Shipping Labels | 2025-02-11 | 7.2 High |
| Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | ||||
| CVE-2024-11128 | 1 Bitdefender | 1 Virus Scanner | 2025-02-11 | 7.8 High |
| A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18. | ||||
| CVE-2023-0192 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2025-02-11 | 4.7 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. | ||||
| CVE-2024-21118 | 1 Oracle | 1 Outside In Technology | 2025-02-10 | 5.3 Medium |
| Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | ||||
| CVE-2024-21034 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-02-10 | 6.1 Medium |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2023-27645 | 1 Powerampapp | 1 Poweramp | 2025-02-10 | 9.8 Critical |
| An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. | ||||
| CVE-2024-21989 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | 8.1 High |
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges. | ||||
| CVE-2023-28632 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 8.1 High |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails. | ||||
| CVE-2023-28855 | 1 Teclib-edition | 1 Fields | 2025-02-10 | 6.5 Medium |
| Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue. | ||||
| CVE-2023-27654 | 1 Whoapp | 1 Who | 2025-02-10 | 9.8 Critical |
| An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component. | ||||
| CVE-2024-37484 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-10 | 8.8 High |
| Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97. | ||||
| CVE-2023-47868 | 1 Gvectors | 1 Wpforo Forum | 2025-02-09 | 7.3 High |
| Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3. | ||||