Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | |||||
| CVE-2023-52296 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547. | |||||
| CVE-2024-45326 | 1 Fortinet | 1 Fortideceptor | 2025-01-31 | N/A | 4.3 MEDIUM |
| An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. | |||||
| CVE-2023-31444 | 1 Talend | 1 Studio | 2025-01-31 | N/A | 7.5 HIGH |
| In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. | |||||
| CVE-2024-46665 | 1 Fortinet | 1 Fortios | 2025-01-31 | N/A | 3.7 LOW |
| An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. | |||||
| CVE-2023-38729 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-01-31 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. | |||||
| CVE-2024-2425 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it. | |||||
| CVE-2024-2426 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it. | |||||
| CVE-2024-2427 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. | |||||
| CVE-2024-24789 | 1 Golang | 1 Go | 2025-01-31 | N/A | 5.5 MEDIUM |
| The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | |||||
| CVE-2023-30506 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-31 | N/A | 8.8 HIGH |
| Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-31670 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2025-01-31 | N/A | 7.5 HIGH |
| An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | |||||
| CVE-2024-27254 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-01-31 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813. | |||||
| CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2025-01-31 | N/A | 7.8 HIGH |
| In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script | |||||
| CVE-2023-31595 | 1 Ic | 2 Realtime Icip-p2012t, Realtime Icip-p2012t Firmware | 2025-01-31 | N/A | 7.5 HIGH |
| IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. | |||||
| CVE-2023-21117 | 1 Google | 1 Android | 2025-01-31 | N/A | 7.8 HIGH |
| In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101 | |||||
| CVE-2023-31457 | 1 Mitel | 1 Mivoice Connect | 2025-01-31 | N/A | 9.8 CRITICAL |
| A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | |||||
| CVE-2023-31458 | 1 Mitel | 1 Mivoice Connect | 2025-01-31 | N/A | 9.8 CRITICAL |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. | |||||
| CVE-2023-23304 | 1 Garmin | 1 Connect-iq | 2025-01-31 | N/A | 9.1 CRITICAL |
| The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information. | |||||
| CVE-2023-29746 | 1 Thethaiger | 1 The Thaiger | 2025-01-31 | N/A | 9.8 CRITICAL |
| An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | |||||