Total
2030 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30771 | 1 Apache | 2 Iotdb, Iotdb Web Workbench | 2025-02-13 | 9.8 Critical |
| Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards. | ||||
| CVE-2023-41078 | 1 Apple | 1 Macos | 2025-02-13 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2025-02-13 | 9.8 Critical |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | ||||
| CVE-2023-35990 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-13 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2023-32683 | 1 Matrix | 1 Synapse | 2025-02-13 | 3.5 Low |
| Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews. | ||||
| CVE-2023-32629 | 1 Canonical | 2 Ubantu Kernel, Ubuntu Linux | 2025-02-13 | 7.8 High |
| Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | ||||
| CVE-2023-22620 | 1 Securepoint | 1 Unified Threat Management | 2025-02-13 | 7.5 High |
| An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. | ||||
| CVE-2023-22518 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-02-13 | 9.8 Critical |
| All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | ||||
| CVE-2022-29871 | 2 Intel, Intel Csme Software Installer | 432 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 429 more | 2025-02-13 | 6.7 Medium |
| Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2025-02-13 | 7.4 High |
| A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-3560 | 4 Canonical, Debian, Polkit Project and 1 more | 10 Ubuntu Linux, Debian Linux, Polkit and 7 more | 2025-02-13 | 7.8 High |
| It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2024-36055 | 2025-02-13 | 5.5 Medium | ||
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD). | ||||
| CVE-2024-31682 | 1 Phonecleaner | 1 Boost\&cleaner | 2025-02-13 | 9.8 Critical |
| Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API. | ||||
| CVE-2022-2220 | 2025-02-13 | 0.0 Low | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2019-7192 | 1 Qnap | 2 Photo Station, Qts | 2025-02-13 | 9.8 Critical |
| This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. | ||||
| CVE-2025-1214 | 2025-02-12 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0781 | 2025-02-12 | 8.6 High | ||
| An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. | ||||
| CVE-2025-24479 | 2025-02-12 | N/A | ||
| A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user. | ||||
| CVE-2024-41140 | 2025-02-12 | 8.1 High | ||
| Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | ||||
| CVE-2025-0937 | 2025-02-12 | 7.1 High | ||
| Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. | ||||