Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-22235 1 Vmware 2 Aria Operations, Cloud Foundation 2025-03-20 6.7 Medium
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2024-31399 1 Cybozu 1 Garoon 2025-03-20 5.3 Medium
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
CVE-2023-25758 1 Onekey 4 Onekey Mini, Onekey Mini Firmware, Onekey Touch and 1 more 2025-03-20 4.2 Medium
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."
CVE-2024-3174 1 Google 1 Chrome 2025-03-20 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-38970 1 Vaethink 1 Vaethink 2025-03-20 4.9 Medium
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.
CVE-2024-5691 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-03-19 4.7 Medium
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2023-42957 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-03-19 3.3 Low
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.
CVE-2023-28452 1 Coredns.io 1 Coredns 2025-03-19 7.5 High
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.
CVE-2023-23458 1 Sunellsecurity 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more 2025-03-19 6.5 Medium
Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.
CVE-2023-24499 1 Butterfly-button Project 1 Butterfly-button 2025-03-19 4.3 Medium
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.
CVE-2023-22938 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-03-19 4.3 Medium
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
CVE-2024-33880 2 Microsoft, Virtosoftware 2 Sharepoint Server, Sharepoint Bulk File Download 2025-03-19 5.3 Medium
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.
CVE-2024-31315 1 Google 1 Android 2025-03-19 5.3 Medium
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-0034 1 Google 1 Android 2025-03-19 7.8 High
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-20927 1 Google 1 Android 2025-03-19 7.8 High
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503
CVE-2022-42455 1 Asus 1 Armoury Crate 2025-03-19 7.8 High
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
CVE-2022-38935 1 Niter 1 Niterforum 2025-03-19 8.8 High
An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.
CVE-2018-9412 1 Google 1 Android 2025-03-19 5.5 Medium
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-7974 1 Google 1 Chrome 2025-03-19 8.8 High
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2023-25765 1 Jenkins 1 Email Extension 2025-03-19 9.9 Critical
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.