Total
29330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26270 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 6.5 Medium |
| The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password. | ||||
| CVE-2024-25962 | 1 Dell | 1 Insightiq | 2025-01-28 | 8.3 High |
| Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | ||||
| CVE-2022-38090 | 1 Intel | 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more | 2025-01-28 | 6 Medium |
| Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-23591 | 1 Lenovo | 2 Thinksystem Sr670 V2, Thinksystem Sr670 V2 Firmware | 2025-01-28 | 2 Low |
| ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. | ||||
| CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2025-01-27 | 9.8 Critical |
| A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | ||||
| CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2025-01-27 | 10 Critical |
| ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | ||||
| CVE-2024-4978 | 1 Javs | 1 Javs Viewer | 2025-01-27 | 8.4 High |
| Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands. | ||||
| CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-27 | 7.5 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-35142 | 1 Ibm | 1 Security Verify Access Docker | 2025-01-27 | 8.4 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418. | ||||
| CVE-2022-40196 | 1 Intel | 1 Oneapi Dpc\+\+\/c\+\+ Compiler | 2025-01-27 | 7.8 High |
| Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0187 | 1 Intel | 106 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 103 more | 2025-01-27 | 3.2 Low |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2022-25987 | 1 Intel | 2 C\+\+ Compiler Classic, Oneapi Toolkits | 2025-01-27 | 8.3 High |
| Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-26843 | 1 Intel | 2 Oneapi Dpc\+\+\/c\+\+ Compiler, Oneapi Toolkits | 2025-01-27 | 8.3 High |
| Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-26841 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2025-01-27 | 2.5 Low |
| Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-33902 | 1 Intel | 1 Quartus Prime | 2025-01-27 | 7.3 High |
| Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-26343 | 1 Intel | 418 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 415 more | 2025-01-27 | 8.2 High |
| Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36348 | 1 Intel | 1 Server Platform Services | 2025-01-27 | 8.8 High |
| Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-30530 | 1 Intel | 1 Driver \& Support Assistant | 2025-01-27 | 7.8 High |
| Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-2310 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-27 | 6.8 Medium |
| A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. | ||||
| CVE-2022-36278 | 1 Intel | 1 Battery Life Diagnostic Tool | 2025-01-27 | 8.2 High |
| Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||