Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-24198 1 Pymumu 1 Smartdns 2025-02-13 7.5 High
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
CVE-2024-24195 2 Robdns, Robertdavidgraham 2 Robdns, Robdns 2025-02-13 7.5 High
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
CVE-2022-35797 1 Microsoft 2 Windows 10, Windows 11 2025-02-13 6.1 Medium
Windows Hello Security Feature Bypass Vulnerability
CVE-2022-35795 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-02-13 7.8 High
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2022-35794 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-02-13 8.1 High
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2023-26817 1 Pgyer 1 Codefever 2025-02-12 8.8 High
codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.
CVE-2022-35784 1 Microsoft 1 Azure Site Recovery Vmware To Azure 2025-02-12 6.5 Medium
Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2022-35783 1 Microsoft 1 Azure Site Recovery Vmware To Azure 2025-02-12 4.4 Medium
Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2025-20892 1 Samsung 1 Android 2025-02-12 5.9 Medium
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
CVE-2025-0802 1 Mayurik 1 Best Employee Management System 2025-02-12 7.3 High
A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-45626 1 Apache 1 James Server 2025-02-12 6.5 Medium
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.
CVE-2022-27597 1 Qnap 18 Qts, Quts Hero, Qutscloud and 15 more 2025-02-12 2.7 Low
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
CVE-2022-27598 1 Qnap 17 Qts, Quts Hero, Qutscloud and 14 more 2025-02-12 2.7 Low
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
CVE-2023-29108 1 Sap 2 Abap Platform Kernel, Web Dispatcher 2025-02-12 5 Medium
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.
CVE-2024-30269 1 Dataease 1 Dataease 2025-02-12 5.3 Medium
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
CVE-2023-29465 1 Sagemath 1 Flintqs 2025-02-12 5.5 Medium
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).
CVE-2023-27180 1 Gdidees 1 Gdidees Cms 2025-02-12 7.5 High
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.
CVE-2022-32871 1 Apple 1 Iphone Os 2025-02-12 2.4 Low
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information
CVE-2023-28950 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, I and 4 more 2025-02-12 5.1 Medium
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
CVE-2023-6533 1 Silabs 1 Z-wave Pc-based Controller 2025-02-12 6.5 Medium
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.