Total
3244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25962 | 1 Dell | 1 Insightiq | 2025-01-28 | 8.3 High |
| Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | ||||
| CVE-2025-0783 | 2025-01-28 | 6.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2023-31138 | 1 Dhis2 | 1 Dhis 2 | 2025-01-28 | 7.1 High |
| DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests. | ||||
| CVE-2023-32060 | 1 Dhis2 | 1 Dhis 2 | 2025-01-28 | 6.5 Medium |
| DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known. | ||||
| CVE-2016-3427 | 8 Apache, Canonical, Debian and 5 more | 42 Cassandra, Ubuntu Linux, Debian Linux and 39 more | 2025-01-27 | 9.8 Critical |
| Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||||
| CVE-2022-36369 | 2 Intel, Redhat | 3 Qatzip, Enterprise Linux, Rhel Eus | 2025-01-27 | 7.8 High |
| Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22312 | 1 Intel | 82 Lapkc51e, Lapkc51e Firmware, Lapkc71e and 79 more | 2025-01-27 | 7.2 High |
| Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-25771 | 1 Intel | 118 Compute Stick Stk2mv64cc, Compute Stick Stk2mv64cc Firmware, Nuc 7 Enthusiast Nuc7i7bnhxg and 115 more | 2025-01-27 | 5.8 Medium |
| Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-32582 | 1 Intel | 78 Nuc 11 Performance Kit Nuc11pahi3, Nuc 11 Performance Kit Nuc11pahi30z, Nuc 11 Performance Kit Nuc11pahi30z Firmware and 75 more | 2025-01-27 | 5.3 Medium |
| Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-32578 | 1 Intel | 1 Nuc Pro Software Suite | 2025-01-27 | 6.7 Medium |
| Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41690 | 1 Intel | 1 Retail Edge Program | 2025-01-27 | 7.1 High |
| Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-46279 | 1 Intel | 1 Retail Edge Program | 2025-01-27 | 5 Medium |
| Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-40207 | 1 Intel | 1 System Usage Report | 2025-01-27 | 8.2 High |
| Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41784 | 1 Intel | 1 One Boot Flash Update | 2025-01-27 | 8.8 High |
| Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access | ||||
| CVE-2022-42465 | 1 Intel | 1 One Boot Flash Update | 2025-01-27 | 7.2 High |
| Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22316 | 1 Ibm | 1 Sterling File Gateway | 2025-01-27 | 4.3 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | ||||
| CVE-2023-1834 | 1 Rockwellautomation | 2 Kinetix 5500, Kinetix 5500 Firmware | 2025-01-24 | 9.4 Critical |
| Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | ||||
| CVE-2023-0858 | 1 Canon | 90 I-sensys Lbp621cw, I-sensys Lbp621cw Firmware, I-sensys Lbp623cdw and 87 more | 2025-01-24 | 3.1 Low |
| Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | ||||
| CVE-2025-0702 | 2025-01-24 | 6.3 Medium | ||
| A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2023-23573 | 1 Intel | 1 Unite | 2025-01-24 | 4.4 Medium |
| Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | ||||