Total
35577 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1526 | 1 Hp | 15 Designjet Z6, Designjet Z6 Firmware, Designjet Z6dr and 12 more | 2025-01-30 | 4.6 Medium |
| Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. | ||||
| CVE-2023-25930 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-01-30 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | ||||
| CVE-2023-29058 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 6.4 Medium |
| A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | ||||
| CVE-2023-29057 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 7.3 High |
| A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. | ||||
| CVE-2023-29056 | 1 Lenovo | 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more | 2025-01-30 | 5.3 Medium |
| A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | ||||
| CVE-2023-25496 | 1 Lenovo | 1 Drivers Management | 2025-01-30 | 7.8 High |
| A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2017-11197 | 1 Cyberark | 1 Viewfinity | 2025-01-30 | 7.8 High |
| In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. | ||||
| CVE-2023-29868 | 1 Zammad | 1 Zammad | 2025-01-30 | 6.5 Medium |
| Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | ||||
| CVE-2023-29867 | 1 Zammad | 1 Zammad | 2025-01-30 | 6.5 Medium |
| Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | ||||
| CVE-2023-27108 | 1 Kaiostech | 1 Kaios | 2025-01-30 | 5.3 Medium |
| An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch. | ||||
| CVE-2023-26987 | 1 Konga Project | 1 Konga | 2025-01-30 | 6.5 Medium |
| An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. | ||||
| CVE-2022-31643 | 1 Hp | 182 Dragonfly Folio G3, Dragonfly Folio G3 Firmware, Elite Dragonfly G2 and 179 more | 2025-01-30 | 5.5 Medium |
| A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability. | ||||
| CVE-2023-2360 | 1 Acronis | 1 Cyber Infrastructure | 2025-01-30 | 7.5 High |
| Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | ||||
| CVE-2022-41736 | 2 Ibm, Linux | 2 Spectrum Scale Container Native Storage Access, Linux Kernel | 2025-01-30 | 8.4 High |
| IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. | ||||
| CVE-2023-30441 | 2 Ibm, Redhat | 6 Infosphere Information Server, Java, Websphere Application Server and 3 more | 2025-01-30 | 7.5 High |
| IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | ||||
| CVE-2023-1204 | 1 Gitlab | 1 Gitlab | 2025-01-30 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. | ||||
| CVE-2022-47876 | 1 Jedox | 1 Jedox | 2025-01-30 | 9.1 Critical |
| The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | ||||
| CVE-2023-30859 | 1 Triton Project | 1 Triton | 2025-01-30 | 7.2 High |
| Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. | ||||
| CVE-2023-28092 | 1 Hp | 4 Integrated Lights-out, Integrated Lights-out Firmware, Proliant Rl300 and 1 more | 2025-01-30 | 6.1 Medium |
| A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis. | ||||
| CVE-2023-0896 | 1 Lenovo | 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware | 2025-01-30 | 8.8 High |
| A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | ||||