Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0838 1 Gitlab 1 Gitlab 2025-02-10 5.5 Medium
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.
CVE-2024-20857 1 Samsung 1 Android 2025-02-10 4 Medium
Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
CVE-2024-20858 2 Samsung, Samsung Mobile 2 Android, Cocktailbarservice 2025-02-10 4 Medium
Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
CVE-2024-21989 1 Netapp 1 Ontap Select Deploy Administration Utility 2025-02-10 8.1 High
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges.
CVE-2023-1980 1 Devolutions 1 Remote Desktop Manager 2025-02-10 6.5 Medium
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.
CVE-2024-38370 1 Glpi-project 1 Glpi 2025-02-10 5.3 Medium
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.
CVE-2023-27703 1 Mypikpak 1 Pikpak 2025-02-10 3.3 Low
The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.
CVE-2023-27654 1 Whoapp 1 Who 2025-02-10 9.8 Critical
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component.
CVE-2023-27653 1 Whoapp 1 Who 2025-02-10 7.5 High
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.
CVE-2023-27647 1 Dualspace 1 Lock Master 2025-02-10 7.1 High
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
CVE-2023-23591 1 Terminalfour 1 Terminalfour 2025-02-10 4.9 Medium
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1.
CVE-2018-15472 1 Gitlab 1 Gitlab 2025-02-10 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
CVE-2022-33959 1 Ibm 1 Sterling Order Management 2025-02-10 5.4 Medium
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.
CVE-2022-43928 1 Ibm 1 Db2 Mirror For I 2025-02-10 4.9 Medium
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.
CVE-2024-37484 1 Zephyr-one 1 Zephyr Project Manager 2025-02-10 8.8 High
Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97.
CVE-2023-29580 1 Yasm Project 1 Yasm 2025-02-08 5.5 Medium
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.
CVE-2023-29574 1 Axiosys 1 Bento4 2025-02-08 5.5 Medium
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.
CVE-2023-29571 1 Cesanta 1 Mjs 2025-02-08 5.5 Medium
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2022-45180 1 Liveboxcloud 1 Vdesk 2025-02-07 6.5 Medium
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator).
CVE-2022-45178 1 Liveboxcloud 1 Vdesk 2025-02-07 8.8 High
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role.