Search Results (367109 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-35201 2 Intel, Microsoft 3 Sdp Software, Server Debug And Provisioning Tool, Windows 2025-02-04 6.7 Medium
Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.
CVE-2024-36253 2 Intel, Microsoft 3 Sdp Software, Server Debug And Provisioning Tool, Windows 2025-02-04 6.7 Medium
Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43489 1 Intel 1 Computing Improvement Program 2025-02-04 5.5 Medium
Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-36276 1 Intel 2 *, Computing Improvement Program 2025-02-04 6.7 Medium
Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36482 1 Intel 2 Cip Software, Computing Improvement Program 2025-02-04 8.2 High
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-50386 1 Apache 1 Cloudstack 2025-02-04 8.5 High
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
CVE-2022-43936 1 Broadcom 1 Brocade Sannav 2025-02-04 6.8 Medium
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled.
CVE-2022-43937 1 Broadcom 1 Brocade Sannav 2025-02-04 5.7 Medium
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a
CVE-2022-43935 1 Broadcom 1 Brocade Sannav 2025-02-04 5.3 Medium
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file.
CVE-2023-20870 1 Vmware 2 Fusion, Workstation 2025-02-04 6 Medium
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVE-2023-20869 1 Vmware 2 Fusion, Workstation 2025-02-04 8.2 High
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVE-2023-1624 1 Wpcode 1 Wpcode 2025-02-04 6.5 Medium
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders
CVE-2023-1126 1 Wp Fevents Book Project 1 Wp Fevents Book 2025-02-04 5.4 Medium
The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks
CVE-2022-45291 1 Pwsdashboard 1 Personal Weather Station Dashboard 2025-02-04 7.2 High
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.
CVE-2022-36400 1 Intel 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more 2025-02-04 6.7 Medium
Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36384 1 Intel 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more 2025-02-04 6.7 Medium
Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36380 1 Intel 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more 2025-02-04 6.7 Medium
Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-21198 1 Intel 894 Celeron 1000m, Celeron 1000m Firmware, Celeron 1005m and 891 more 2025-02-04 7.9 High
Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-43934 1 Broadcom 1 Brocade Sannav 2025-02-04 6.5 Medium
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095.
CVE-2022-43933 1 Broadcom 1 Brocade Sannav 2025-02-04 4.4 Medium
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.