Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28762 1 Sap 1 Businessobjects Business Intelligence 2025-01-28 9.1 Critical
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
CVE-2021-46755 1 Amd 46 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 43 more 2025-01-28 7.5 High
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.
CVE-2021-46753 1 Amd 132 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 129 more 2025-01-28 9.1 Critical
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity.
CVE-2021-26406 1 Amd 80 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 77 more 2025-01-28 7.5 High
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
CVE-2021-26397 1 Amd 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more 2025-01-28 7.1 High
Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability.
CVE-2021-26379 1 Amd 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more 2025-01-28 9.8 Critical
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
CVE-2021-26371 1 Amd 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more 2025-01-28 5.5 Medium
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
CVE-2023-29752 1 Ekatox 1 Facemoji Emoji Keyboard 2025-01-28 7.8 High
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
CVE-2023-25650 1 Zte 1 Zxcloud Irai 2025-01-28 6.5 Medium
There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.
CVE-2023-27510 1 Jubei 1 Jb Inquiry Form 2025-01-28 5.3 Medium
JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40.
CVE-2023-22361 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2025-01-28 4.3 Medium
Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.
CVE-2023-27563 1 N8n 1 N8n 2025-01-27 8.8 High
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.
CVE-2023-31587 1 Tenda 2 Ac5, Ac5 Firmware 2025-01-27 9.8 Critical
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVE-2023-31471 1 Gl-inet 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more 2025-01-27 9.8 Critical
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
CVE-2023-31555 1 Podofo Project 1 Podofo 2025-01-27 6.5 Medium
podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.
CVE-2023-1096 1 Netapp 1 Snapcenter 2025-01-27 9.8 Critical
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
CVE-2022-36937 1 Facebook 1 Hhvm 2025-01-27 9.8 Critical
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
CVE-2022-26840 1 Intel 1 Quartus Prime 2025-01-27 7.3 High
Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-30258 1 Eprosima 1 Fast Dds 2025-01-27 8.2 High
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
CVE-2023-20880 1 Vmware 2 Aria Operations, Cloud Foundation 2025-01-27 6.7 Medium
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.