Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-30611 1 Discourse 1 Reactions 2025-02-05 4.3 Medium
Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue.
CVE-2023-29926 1 Powerjob 1 Powerjob 2025-02-05 9.8 Critical
PowerJob V4.3.2 has unauthorized interface that causes remote code execution.
CVE-2023-31060 1 Repetier-server 1 Repetier-server 2025-02-04 9.8 Critical
Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.
CVE-2023-2118 1 Devolutions 1 Devolutions Server 2025-02-04 4.3 Medium
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
CVE-2023-0206 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2025-02-04 7.5 High
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
CVE-2023-0202 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2025-02-04 7.5 High
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
CVE-2023-0203 1 Nvidia 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more 2025-02-04 5 Medium
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
CVE-2024-36488 1 Intel 2 Driver \& Support Assistant, Dsa Software 2025-02-04 7.3 High
Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43489 1 Intel 1 Computing Improvement Program 2025-02-04 5.5 Medium
Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-36482 1 Intel 2 Cip Software, Computing Improvement Program 2025-02-04 8.2 High
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-50386 1 Apache 1 Cloudstack 2025-02-04 8.5 High
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
CVE-2024-45761 3 Dell, Linux, Microsoft 3 Openmanage Server Administrator, Linux Kernel, Windows 2025-02-04 5.4 Medium
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
CVE-2024-0172 1 Dell 186 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 183 more 2025-02-04 7.9 High
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
CVE-2024-0161 1 Dell 172 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 169 more 2025-02-04 7.2 High
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
CVE-2024-22459 1 Dell 1 Elastic Cloud Storage 2025-02-04 6.8 Medium
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
CVE-2024-30473 1 Dell 1 Elastic Cloud Storage 2025-02-04 4.9 Medium
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.
CVE-2023-2250 1 Linuxfoundation 1 Open Cluster Management 2025-02-04 6.7 Medium
A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation.
CVE-2023-29570 1 Cesanta 1 Mjs 2025-02-04 5.5 Medium
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2023-20871 2 Apple, Vmware 2 Mac Os X, Fusion 2025-02-04 7.8 High
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
CVE-2024-28963 1 Dell 2 Telemetry Dashboard, Thinos 2025-02-04 6.2 Medium
Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.