Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1526 1 Hp 15 Designjet Z6, Designjet Z6 Firmware, Designjet Z6dr and 12 more 2025-01-30 4.6 Medium
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.
CVE-2023-25930 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2025-01-30 5.9 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.
CVE-2023-29058 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 6.4 Medium
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
CVE-2023-29057 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 7.3 High
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
CVE-2023-29056 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 5.3 Medium
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.
CVE-2023-25496 1 Lenovo 1 Drivers Management 2025-01-30 7.8 High
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
CVE-2017-11197 1 Cyberark 1 Viewfinity 2025-01-30 7.8 High
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
CVE-2023-29868 1 Zammad 1 Zammad 2025-01-30 6.5 Medium
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
CVE-2023-29867 1 Zammad 1 Zammad 2025-01-30 6.5 Medium
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
CVE-2023-27108 1 Kaiostech 1 Kaios 2025-01-30 5.3 Medium
An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.
CVE-2023-26987 1 Konga Project 1 Konga 2025-01-30 6.5 Medium
An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
CVE-2022-31643 1 Hp 182 Dragonfly Folio G3, Dragonfly Folio G3 Firmware, Elite Dragonfly G2 and 179 more 2025-01-30 5.5 Medium
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
CVE-2023-2360 1 Acronis 1 Cyber Infrastructure 2025-01-30 7.5 High
Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.
CVE-2022-41736 2 Ibm, Linux 2 Spectrum Scale Container Native Storage Access, Linux Kernel 2025-01-30 8.4 High
IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.
CVE-2023-30441 2 Ibm, Redhat 6 Infosphere Information Server, Java, Websphere Application Server and 3 more 2025-01-30 7.5 High
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVE-2023-1204 1 Gitlab 1 Gitlab 2025-01-30 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
CVE-2022-47876 1 Jedox 1 Jedox 2025-01-30 9.1 Critical
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
CVE-2023-30859 1 Triton Project 1 Triton 2025-01-30 7.2 High
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
CVE-2023-28092 1 Hp 4 Integrated Lights-out, Integrated Lights-out Firmware, Proliant Rl300 and 1 more 2025-01-30 6.1 Medium
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
CVE-2023-0896 1 Lenovo 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware 2025-01-30 8.8 High
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.