Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26556 | 1 Iofinnet | 1 Tss-lib | 2025-02-05 | 9.1 Critical |
| io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | ||||
| CVE-2022-2084 | 1 Canonical | 2 Cloud-init, Ubuntu Linux | 2025-02-05 | 5.5 Medium |
| Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. | ||||
| CVE-2022-29606 | 1 Opennetworking | 1 Onos | 2025-02-05 | 9.8 Critical |
| An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network. | ||||
| CVE-2022-26006 | 1 Intel | 260 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 257 more | 2025-02-05 | 8.2 High |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38413 | 1 Qualcomm | 14 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon 8 Gen 3 Mobile and 11 more | 2025-02-05 | 6.6 Medium |
| Memory corruption while processing frame packets. | ||||
| CVE-2024-38420 | 1 Qualcomm | 320 Aqt1000, Aqt1000 Firmware, Ar8035 and 317 more | 2025-02-05 | 8.8 High |
| Memory corruption while configuring a Hypervisor based input virtual device. | ||||
| CVE-2023-29469 | 3 Debian, Redhat, Xmlsoft | 5 Debian Linux, Enterprise Linux, Jboss Core Services and 2 more | 2025-02-04 | 6.5 Medium |
| An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | ||||
| CVE-2024-13562 | 1 Importwp | 1 Import Wp | 2025-02-04 | 7.5 High |
| The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files. | ||||
| CVE-2023-30458 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-04 | 5.3 Medium |
| A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password. | ||||
| CVE-2024-36482 | 1 Intel | 2 Cip Software, Computing Improvement Program | 2025-02-04 | 8.2 High |
| Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-50386 | 1 Apache | 1 Cloudstack | 2025-02-04 | 8.5 High |
| Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done | ||||
| CVE-2024-45761 | 3 Dell, Linux, Microsoft | 3 Openmanage Server Administrator, Linux Kernel, Windows | 2025-02-04 | 5.4 Medium |
| Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. | ||||
| CVE-2024-25942 | 1 Dell | 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more | 2025-02-04 | 4.4 Medium |
| Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | ||||
| CVE-2024-0161 | 1 Dell | 172 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 169 more | 2025-02-04 | 7.2 High |
| Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. | ||||
| CVE-2023-29780 | 1 3reality | 2 3rsb015bz, 3rsb015bz Firmware | 2025-02-04 | 7.5 High |
| Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | ||||
| CVE-2023-23837 | 2 Microsoft, Solarwinds | 2 Windows, Database Performance Analyzer | 2025-02-04 | 7.5 High |
| No exception handling vulnerability which revealed sensitive or excessive information to users. | ||||
| CVE-2024-28963 | 1 Dell | 2 Telemetry Dashboard, Thinos | 2025-02-04 | 6.2 Medium |
| Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | ||||
| CVE-2023-26560 | 1 Northern.tech | 1 Cfengine | 2025-02-04 | 6.5 Medium |
| Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | ||||
| CVE-2024-47238 | 1 Dell | 16 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 3001 and 13 more | 2025-02-04 | 7.5 High |
| Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | ||||
| CVE-2024-29961 | 1 Broadcom | 1 Brocade Sannav | 2025-02-04 | 8.2 High |
| A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance. | ||||