Total: 5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9956 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
|
| CVE-2014-9955 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
|
| CVE-2014-9954 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
|
| CVE-2014-9953 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
|
| CVE-2014-9503 | 1 Open Atrium Project | 1 Open Atrium | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
|
| CVE-2014-8540 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
|
| CVE-2014-8421 | 2 Atos, Unify | 8 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 55g and 5 more | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
|
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOpe ...
|
| CVE-2014-7862 | 1 Zohocorp | 1 Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
|
| CVE-2014-7272 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
|
| CVE-2014-5443 | 1 Seafile | 1 Seafile Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
|
| CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
|
| CVE-2014-4919 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups.
|
| CVE-2014-3752 | 1 Gdata-software | 1 Totalprotection | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
|
| CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
|
| CVE-2014-2079 | 2 Debian, X File Explorer Project | 2 Debian Linux, X File Explorer | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
|
| CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
|
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
|
| CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
|
| CVE-2014-1889 | 1 Buddypress | 1 Buddypress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
|
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
|
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
|
| CVE-2014-1226 | 1 S3dvt Project | 1 S3dvt | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.
|
| CVE-2014-10070 | 1 Zsh Project | 1 Zsh | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
|
| CVE-2014-10058 | 1 Qualcomm | 30 Sd 205, Sd 205 Firmware, Sd 210 and 27 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, unauthorized users can potentially modify system time.
|
| CVE-2014-10057 | 1 Qualcomm | 28 Mdm9615, Mdm9615 Firmware, Mdm9625 and 25 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions.
|
| CVE-2014-10054 | 1 Qualcomm | 64 Mdm9206, Mdm9206 Firmware, Mdm9607 and 61 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation.
|
| CVE-2014-0087 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.
|
| CVE-2013-7202 | 1 Paypal | 1 Paypal | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
|
| CVE-2013-6876 | 1 S3dvt Project | 1 S3dvt | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.
|
| CVE-2013-4451 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
|
| CVE-2013-3947 | 1 Ahnlab | 1 V3 Internet Security | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.
|
| CVE-2013-3024 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
|
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
|
| CVE-2011-3172 | 1 Suse | 1 Suse Linux Enterprise Server | 2024-11-21 | 10.0 HIGH | 5.4 MEDIUM |
|
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
|
| CVE-2020-25720 | | | 2024-11-18 | N/A | 7.5 HIGH |
|
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator m ...
|
| CVE-2024-51524 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Permission control vulnerability in the Wi-Fi module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
| CVE-2024-51527 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Permission control vulnerability in the Gallery app
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
| CVE-2024-20371 | | | 2024-11-06 | N/A | 5.3 MEDIUM |
|
A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.
This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could all ...
|
| CVE-2024-20370 | | | 2024-10-25 | N/A | 6.0 MEDIUM |
|
A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permission ...
|
| CVE-2024-45442 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-13 | N/A | 7.5 HIGH |
|
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
|
| CVE-2023-7265 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | N/A | 6.2 MEDIUM |
|
Permission verification vulnerability in the lock screen module
Impact: Successful exploitation of this vulnerability may affect availability.
|