Total
35577 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0838 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.5 Medium |
| An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. | ||||
| CVE-2024-20857 | 1 Samsung | 1 Android | 2025-02-10 | 4 Medium |
| Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | ||||
| CVE-2024-20858 | 2 Samsung, Samsung Mobile | 2 Android, Cocktailbarservice | 2025-02-10 | 4 Medium |
| Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | ||||
| CVE-2024-21989 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | 8.1 High |
| ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges. | ||||
| CVE-2023-1980 | 1 Devolutions | 1 Remote Desktop Manager | 2025-02-10 | 6.5 Medium |
| Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two factor authentication via the application user interface and open entries. | ||||
| CVE-2024-38370 | 1 Glpi-project | 1 Glpi | 2025-02-10 | 5.3 Medium |
| GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16. | ||||
| CVE-2023-27703 | 1 Mypikpak | 1 Pikpak | 2025-02-10 | 3.3 Low |
| The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface. | ||||
| CVE-2023-27654 | 1 Whoapp | 1 Who | 2025-02-10 | 9.8 Critical |
| An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component. | ||||
| CVE-2023-27653 | 1 Whoapp | 1 Who | 2025-02-10 | 7.5 High |
| An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. | ||||
| CVE-2023-27647 | 1 Dualspace | 1 Lock Master | 2025-02-10 | 7.1 High |
| An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. | ||||
| CVE-2023-23591 | 1 Terminalfour | 1 Terminalfour | 2025-02-10 | 4.9 Medium |
| The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1. | ||||
| CVE-2018-15472 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | ||||
| CVE-2022-33959 | 1 Ibm | 1 Sterling Order Management | 2025-02-10 | 5.4 Medium |
| IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. | ||||
| CVE-2022-43928 | 1 Ibm | 1 Db2 Mirror For I | 2025-02-10 | 4.9 Medium |
| The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. | ||||
| CVE-2024-37484 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-10 | 8.8 High |
| Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation. This issue affects Zephyr Project Manager: from n/a through 3.3.97. | ||||
| CVE-2023-29580 | 1 Yasm Project | 1 Yasm | 2025-02-08 | 5.5 Medium |
| yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. | ||||
| CVE-2023-29574 | 1 Axiosys | 1 Bento4 | 2025-02-08 | 5.5 Medium |
| Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component. | ||||
| CVE-2023-29571 | 1 Cesanta | 1 Mjs | 2025-02-08 | 5.5 Medium |
| Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). | ||||
| CVE-2022-45180 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | 6.5 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator). | ||||
| CVE-2022-45178 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | 8.8 High |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. | ||||