CVE List - 2025 / February
Showing 901 - 1000 of 3676 CVEs for February 2025 (Page 10 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12058 | 2025-02-11 | External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read... |
| CVE-2024-13830 | 2025-02-11 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. |
| CVE-2024-13842 | 2025-02-11 | A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. |
| CVE-2024-13843 | 2025-02-11 | Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. |
| CVE-2024-13813 | 2025-02-11 | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. |
| CVE-2025-24807 | 2025-02-11 | Fast DDS does not verify Permissions CA |
| CVE-2025-24900 | 2025-02-11 | Concorde CSRF vulnerability due to insecure configuration of authentication cookie attributes |
| CVE-2025-24973 | 2025-02-11 | Concorde not removing authentication tokens after logging out |
| CVE-2025-24976 | 2025-02-11 | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT |
| CVE-2024-12797 | 2025-02-11 | RFC7250 handshakes with unauthenticated servers don't abort as expected |
| CVE-2025-24470 | 2025-02-11 | An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via... |
| CVE-2024-50569 | 2025-02-11 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted... |
| CVE-2024-52968 | 2025-02-11 | An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. |
| CVE-2024-52966 | 2025-02-11 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. |
| CVE-2024-40591 | 2025-02-11 | An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security... |
| CVE-2024-35279 | 2025-02-11 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via... |
| CVE-2024-33504 | 2025-02-11 | A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may... |
| CVE-2024-50567 | 2025-02-11 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted... |
| CVE-2023-40721 | 2025-02-11 | A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3,... |
| CVE-2024-40586 | 2025-02-11 | An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd... |
| CVE-2024-36508 | 2025-02-11 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through... |
| CVE-2024-40584 | 2025-02-11 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0... |
| CVE-2024-27781 | 2025-02-11 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0... |
| CVE-2024-27780 | 2025-02-11 | Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated... |
| CVE-2025-22399 | 2025-02-11 | Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request... |
| CVE-2025-1126 | 2025-02-11 | Lexmark has identified a vulnerability in our Lexmark Print Management Client (LPMC). |
| CVE-2025-24472 | 2025-02-11 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker... |
| CVE-2024-12755 | 2025-02-11 | Avaya Spaces XSS Vulnerability |
| CVE-2024-12756 | 2025-02-11 | Avaya Spaces HTML injection (HTMLi) Vulnerability |
| CVE-2025-21124 | 2025-02-11 | InDesign Desktop \| Out-of-bounds Read (CWE-125) |
| CVE-2025-21121 | 2025-02-11 | InDesign Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-21157 | 2025-02-11 | InDesign Desktop \| Out-of-bounds Write (CWE-787) |
| CVE-2025-21123 | 2025-02-11 | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-21125 | 2025-02-11 | InDesign Desktop \| NULL Pointer Dereference (CWE-476) |
| CVE-2025-21158 | 2025-02-11 | InDesign Desktop \| Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-21126 | 2025-02-11 | InDesign Desktop \| Improper Input Validation (CWE-20) |
| CVE-2025-21155 | 2025-02-11 | Substance3D - Stager \| NULL Pointer Dereference (CWE-476) |
| CVE-2025-21156 | 2025-02-11 | InCopy \| Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2019-15002 | 2025-02-11 | An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user... |
| CVE-2025-21159 | 2025-02-11 | Illustrator \| Use After Free (CWE-416) |
| CVE-2025-21163 | 2025-02-11 | Illustrator \| Stack-based Buffer Overflow (CWE-121) |
| CVE-2025-21160 | 2025-02-11 | Illustrator \| Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-21161 | 2025-02-11 | Substance3D - Designer \| Out-of-bounds Write (CWE-787) |
| CVE-2025-26494 | 2025-02-11 | Server Side Request Forgery vulnerability in Tableau Server |
| CVE-2025-21162 | 2025-02-11 | Photoshop Elements \| Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
| CVE-2025-24435 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24408 | 2025-02-11 | Adobe Commerce \| Information Exposure (CWE-200) |
| CVE-2025-24410 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24428 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24426 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24427 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24412 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24421 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24425 | 2025-02-11 | Adobe Commerce \| Business Logic Errors (CWE-840) |
| CVE-2025-24409 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24417 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24406 | 2025-02-11 | Adobe Commerce \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| CVE-2025-24418 | 2025-02-11 | Adobe Commerce \| Improper Authorization (CWE-285) |
| CVE-2025-24423 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24438 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24407 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24436 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24429 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24430 | 2025-02-11 | Adobe Commerce \| Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
| CVE-2025-24424 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24432 | 2025-02-11 | Adobe Commerce \| Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
| CVE-2025-24419 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24413 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24420 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24416 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24411 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-24415 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24434 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24437 | 2025-02-11 | Adobe Commerce \| Incorrect Authorization (CWE-863) |
| CVE-2025-24414 | 2025-02-11 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-24422 | 2025-02-11 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2025-26495 | 2025-02-11 | Sensitive Data Exposure in Tableau Server |
| CVE-2025-21188 | 2025-02-11 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| CVE-2025-21206 | 2025-02-11 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2025-21351 | 2025-02-11 | Windows Active Directory Domain Services API Denial of Service Vulnerability |
| CVE-2025-21352 | 2025-02-11 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
| CVE-2025-21368 | 2025-02-11 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| CVE-2025-21369 | 2025-02-11 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| CVE-2025-21375 | 2025-02-11 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-21376 | 2025-02-11 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2025-21379 | 2025-02-11 | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2025-21383 | 2025-02-11 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-21182 | 2025-02-11 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21183 | 2025-02-11 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-21391 | 2025-02-11 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2025-21418 | 2025-02-11 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-21419 | 2025-02-11 | Windows Setup Files Cleanup Elevation of Privilege Vulnerability |
| CVE-2025-21420 | 2025-02-11 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability |
| CVE-2025-24036 | 2025-02-11 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-24039 | 2025-02-11 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2025-21259 | 2025-02-11 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2025-21194 | 2025-02-11 | Microsoft Surface Security Feature Bypass Vulnerability |
| CVE-2025-21208 | 2025-02-11 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-21406 | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21407 | 2025-02-11 | Windows Telephony Service Remote Code Execution Vulnerability |