Search Results (366988 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-46665 1 Fortinet 1 Fortios 2025-01-31 3.5 Low
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
CVE-2024-25951 1 Dell 1 Idrac8 2025-01-31 8 High
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
CVE-2024-22452 1 Dell 1 Display And Peripheral Manager 2025-01-31 7.3 High
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.
CVE-2023-48674 1 Dell 346 Latitude 5280, Latitude 5280 Firmware, Latitude 5288 and 343 more 2025-01-31 6.8 Medium
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
CVE-2023-39254 1 Dell 1 Update Package Framework 2025-01-31 6.7 Medium
Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.
CVE-2024-37369 1 Rockwellautomation 1 Factorytalk View 2025-01-31 8.8 High
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.
CVE-2024-37368 1 Rockwellautomation 1 Factorytalk View 2025-01-31 7.5 High
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification.
CVE-2023-38729 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, Db2 and 5 more 2025-01-31 6.8 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.
CVE-2024-2427 1 Rockwellautomation 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware 2025-01-31 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.
CVE-2024-2426 1 Rockwellautomation 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware 2025-01-31 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
CVE-2024-2425 1 Rockwellautomation 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware 2025-01-31 7.5 High
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
CVE-2024-0154 1 Dell 248 Dss 8440, Dss 8440 Firmware, Emc Xc Core 6420 System and 245 more 2025-01-31 3.8 Low
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
CVE-2024-0173 1 Dell 248 Dss 8440, Dss 8440 Firmware, Emc Xc Core 6420 System and 245 more 2025-01-31 3.8 Low
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
CVE-2023-30443 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2025-01-31 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
CVE-2024-41762 1 Ibm 1 Db2 2025-01-31 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVE-2024-41761 2 Ibm, Linux 3 Db2, Linux On Ibm Z, Linux Kernel 2025-01-31 5.3 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVE-2024-45824 1 Rockwellautomation 1 Factorytalk View 2025-01-31 9.8 Critical
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
CVE-2024-47554 1 Redhat 1 Amq Streams 2025-01-31 4.3 Medium
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CVE-2023-31893 1 Telefonica 2 Brasil Vivo Play, Brasil Vivo Play Firmware 2025-01-31 7.5 High
Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.
CVE-2023-31670 1 Webassembly 1 Webassembly Binary Toolkit 2025-01-31 7.5 High
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.