Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-33503 1 Fortinet 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more 2025-01-31 6.7 Medium
A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands
CVE-2023-31444 1 Talend 1 Studio 2025-01-31 7.5 High
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
CVE-2022-41739 1 Ibm 1 Spectrum Scale Container Native Storage Access 2025-01-31 7.9 High
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.
CVE-2024-46665 1 Fortinet 1 Fortios 2025-01-31 3.5 Low
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
CVE-2023-38729 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Db2 and 5 more 2025-01-31 6.8 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.
CVE-2024-2427 1 Rockwellautomation 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware 2025-01-31 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.
CVE-2024-2426 1 Rockwellautomation 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware 2025-01-31 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
CVE-2024-2425 1 Rockwellautomation 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware 2025-01-31 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
CVE-2023-31670 1 Webassembly 1 Webassembly Binary Toolkit 2025-01-31 7.5 High
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
CVE-2023-30506 1 Arubanetworks 1 Edgeconnect Enterprise 2025-01-31 7.2 High
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-52555 1 Jetbrains 1 Webstorm 2025-01-31 6.3 Medium
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
CVE-2023-31458 1 Mitel 1 Mivoice Connect 2025-01-31 9.8 Critical
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.
CVE-2023-31457 1 Mitel 1 Mivoice Connect 2025-01-31 9.8 Critical
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
CVE-2023-29746 1 Thethaiger 1 The Thaiger 2025-01-31 9.8 Critical
An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.
CVE-2023-23304 1 Garmin 1 Connect-iq 2025-01-31 7.7 High
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.
CVE-2023-21117 1 Google 1 Android 2025-01-31 8.4 High
In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101
CVE-2022-45456 4 Acronis, Apple, Linux and 1 more 4 Agent, Macos, Linux Kernel and 1 more 2025-01-30 7.5 High
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.
CVE-2023-30455 1 Ebankit 1 Ebankit 2025-01-30 7.5 High
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users.
CVE-2023-2182 1 Gitlab 1 Gitlab 2025-01-30 6.8 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users.
CVE-2020-4729 1 Ibm 1 Safer Payments 2025-01-30 5.3 Medium
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052.