Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-0849 1 Campcodes 1 School Management Software 2025-02-04 6.3 Medium
A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-26560 1 Northern.tech 1 Cfengine 2025-02-04 6.5 Medium
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
CVE-2024-49600 1 Dell 1 Power Manager 2025-02-04 7.8 High
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
CVE-2024-38296 1 Dell 4 Edge Gateway 3200, Edge Gateway 5200, Edge Gateway 5200 Firmware and 1 more 2025-02-04 6.7 Medium
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2024-47984 1 Dell 1 Recoverpoint For Virtual Machines 2025-02-04 4.4 Medium
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state.
CVE-2024-24902 1 Dell 1 Recoverpoint For Virtual Machines 2025-02-04 6.6 Medium
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.
CVE-2024-47238 1 Dell 16 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 3001 and 13 more 2025-02-04 7.5 High
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2024-29961 1 Broadcom 1 Brocade Sannav 2025-02-04 8.2 High
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
CVE-2025-22395 1 Dell 1 Update Package Framework 2025-02-04 8.2 High
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.
CVE-2024-47239 1 Dell 1 Powerscale Onefs 2025-02-04 6.5 Medium
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2023-2282 2 Devolutions, Microsoft 2 Remote Desktop Manager, Windows 2025-02-04 3.1 Low
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
CVE-2023-23839 1 Solarwinds 1 Solarwinds Platform 2025-02-04 6.5 Medium
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
CVE-2024-3544 1 Progress 1 Loadmaster 2025-02-03 7.5 High
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
CVE-2024-45331 1 Fortinet 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more 2025-02-03 6.9 Medium
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands
CVE-2024-11263 2 Zephyrproject, Zephyrproject-rtos 2 Zephyr, Zephyr 2025-02-03 9.4 Critical
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
CVE-2023-31178 1 Agilepoint 1 Agilepoint Nx 2025-02-03 8.1 High
AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.
CVE-2021-44476 1 Odoo 1 Odoo 2025-02-03 6.8 Medium
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
CVE-2022-25278 1 Drupal 1 Drupal 2025-02-03 6.5 Medium
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
CVE-2022-3405 3 Acronis, Linux, Microsoft 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more 2025-02-03 8.8 High
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
CVE-2023-30404 1 Aigital 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware 2025-02-03 9.8 Critical
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.