Total
3078 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2025-02-13 | 7.8 High |
| When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | ||||
| CVE-2022-23513 | 1 Pi-hole | 1 Adminlte | 2025-02-13 | 5.3 Medium |
| Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. | ||||
| CVE-2023-40170 | 1 Jupyter | 1 Jupyter Server | 2025-02-13 | 4.6 Medium |
| jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks. | ||||
| CVE-2023-3431 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2025-02-13 | 5.3 Medium |
| Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. | ||||
| CVE-2023-31242 | 1 Openautomationsoftware | 1 Oas Platform | 2025-02-13 | 8.1 High |
| An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2023-25775 | 2 Intel, Redhat | 3 Ethernet Controller Rdma Driver For Linux, Enterprise Linux, Rhel Extras Rt | 2025-02-13 | 5.6 Medium |
| Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2023-23908 | 3 Debian, Fedoraproject, Intel | 275 Debian Linux, Fedora, Microcode and 272 more | 2025-02-13 | 6 Medium |
| Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-21980 | 2 Oracle, Redhat | 3 Mysql, Enterprise Linux, Rhel Software Collections | 2025-02-13 | 7.1 High |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2022-40964 | 4 Debian, Fedoraproject, Intel and 1 more | 20 Debian Linux, Fedora, Killer and 17 more | 2025-02-13 | 7.9 High |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-37343 | 1 Intel | 228 Atom C3308, Atom C3308 Firmware, Atom C3336 and 225 more | 2025-02-13 | 7.2 High |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-29871 | 2 Intel, Intel Csme Software Installer | 432 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 429 more | 2025-02-13 | 6.7 Medium |
| Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27635 | 4 Debian, Fedoraproject, Intel and 1 more | 20 Debian Linux, Fedora, Killer and 17 more | 2025-02-13 | 8.2 High |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-26559 | 1 Apache | 1 Airflow | 2025-02-13 | 6.5 Medium |
| Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. | ||||
| CVE-2021-26118 | 3 Apache, Netapp, Redhat | 3 Activemq Artemis, Oncommand Workflow Automation, Amq Broker | 2025-02-13 | 7.5 High |
| While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | ||||
| CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-02-13 | N/A |
| A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | ||||
| CVE-2024-36293 | 2025-02-13 | 6.5 Medium | ||
| Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-36080 | 1 Westernmo | 1 Edw 100 | 2025-02-13 | 9.8 Critical |
| Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network. | ||||
| CVE-2024-35433 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-02-13 | 8.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. | ||||
| CVE-2024-35396 | 1 Totolink | 1 Cp900 | 2025-02-13 | 9.8 Critical |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | ||||
| CVE-2023-43849 | 1 Aten | 1 Pe6208 | 2025-02-13 | 6.5 Medium |
| Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution. | ||||