Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29927 | 1 Sage | 1 Sage 300 | 2025-01-23 | N/A | 4.3 MEDIUM |
| Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls. | |||||
| CVE-2023-31678 | 1 Videogo Project | 1 Videogo | 2025-01-23 | N/A | 5.3 MEDIUM |
| Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended. | |||||
| CVE-2023-31677 | 1 Luowice | 1 Luowice | 2025-01-23 | N/A | 7.5 HIGH |
| Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter. | |||||
| CVE-2023-28078 | 1 Dell | 1 Smartfabric Os10 | 2025-01-23 | N/A | 9.1 CRITICAL |
| Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-32484 | 1 Dell | 1 Enterprise Sonic Distribution | 2025-01-23 | N/A | 9.8 CRITICAL |
| Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-39244 | 1 Dell | 1 Enterprise Storage Integrator For Sap Landscape Management | 2025-01-23 | N/A | 9.8 CRITICAL |
| DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | |||||
| CVE-2023-39245 | 1 Dell | 1 Enterprise Storage Integrator For Sap Landscape Management | 2025-01-23 | N/A | 9.8 CRITICAL |
| DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | |||||
| CVE-2023-4993 | 1 Utarit | 1 Solipay Mobile | 2025-01-23 | N/A | N/A |
| Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8. | |||||
| CVE-2023-32409 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-01-23 | N/A | 8.6 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2024-0622 | 1 Microfocus | 1 Operations Agent | 2025-01-23 | N/A | 7.8 HIGH |
| Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. | |||||
| CVE-2024-25979 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 5.3 MEDIUM |
| The URL parameters accepted by forum search were not limited to the allowed parameters. | |||||
| CVE-2024-25980 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 5.3 MEDIUM |
| Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | |||||
| CVE-2024-25981 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 5.3 MEDIUM |
| Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | |||||
| CVE-2023-38606 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-01-23 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. | |||||
| CVE-2023-30281 | 1 Storecommander | 1 Scquickaccounting | 2025-01-23 | N/A | 6.5 MEDIUM |
| Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email | |||||
| CVE-2024-21590 | 1 Juniper | 1 Junos Os Evolved | 2025-01-23 | N/A | 6.5 MEDIUM |
| An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. | |||||
| CVE-2023-31572 | 1 Bludit | 1 Bludit | 2025-01-23 | N/A | 8.8 HIGH |
| An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | |||||
| CVE-2024-49060 | 1 Microsoft | 1 Azure Stack Hci | 2025-01-23 | N/A | N/A |
| Azure Stack HCI Elevation of Privilege Vulnerability | |||||
| CVE-2024-29976 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | N/A | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device. | |||||
| CVE-2024-29975 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | N/A | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. | |||||