Total
1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
|
|||||
| CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.
|
|||||
| CVE-2014-7302 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.
|
|||||
| CVE-2014-7301 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.
|
|||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
|
|||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
|
|||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
|
|||||
| CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
INSTEON Hub 2242-222 lacks Web and API authentication
|
|||||
| CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
|
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
|
|||||
| CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
|
|||||
| CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.
|
|||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
|
|||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
Python keyring has insecure permissions on new databases allowing world-readable files to be created
|
|||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Python keyring lib before 0.10 created keyring files with world-readable permissions.
|
|||||
| CVE-2012-4434 | 1 Cipherdyne | 1 Fwknop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.
|
|||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default
|
|||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
|
|||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
|
|||||
| CVE-2024-48292 | 2024-11-19 | N/A | 8.8 HIGH | ||
|
An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges.
|
|||||
| CVE-2024-48293 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
|
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings.
|
|||||
| CVE-2024-51051 | 2024-11-19 | N/A | 9.8 CRITICAL | ||
|
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
|
|||||
| CVE-2024-51765 | 2024-11-19 | N/A | 5.5 MEDIUM | ||
|
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
|
|||||
| CVE-2024-51764 | 2024-11-19 | N/A | 5.5 MEDIUM | ||
|
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
|
|||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | N/A | 7.5 HIGH |
|
Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.
|
|||||
| CVE-2024-5474 | 1 Lenovo | 1 Dolby Vision Provisioning | 2024-11-15 | N/A | 5.5 MEDIUM |
|
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
|
|||||
| CVE-2024-25647 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
|
Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-29083 | 2024-11-15 | N/A | 6.7 MEDIUM | ||
|
Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-49504 | 2024-11-13 | N/A | N/A | ||
|
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
|
|||||
| CVE-2024-34679 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.1 HIGH |
|
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
|
|||||
| CVE-2024-47593 | 2024-11-12 | N/A | 4.3 MEDIUM | ||
|
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.
|
|||||
| CVE-2024-36063 | 2024-11-08 | N/A | 7.5 HIGH | ||
|
The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component.
|
|||||
| CVE-2024-9191 | 1 Okta | 1 Verify | 2024-11-05 | N/A | 7.8 HIGH |
|
The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing.
Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and ...
Show More |
|||||
| CVE-2024-42028 | 2024-10-29 | N/A | 8.8 HIGH | ||
|
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
|
|||||
| CVE-2024-47012 | 1 Google | 1 Android | 2024-10-28 | N/A | 7.8 HIGH |
|
In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-44100 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2024-10-28 | N/A | 7.5 HIGH |
|
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
|
|||||
| CVE-2024-9947 | 1 Properfraction | 1 Profilepress | 2024-10-25 | N/A | 9.8 CRITICAL |
|
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
|
|||||
| CVE-2024-10183 | 2024-10-23 | N/A | N/A | ||
|
A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems.
|
|||||
| CVE-2024-47240 | 1 Dell | 1 Secure Connect Gateway | 2024-10-22 | N/A | 6.3 MEDIUM |
|
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.
|
|||||
| CVE-2024-49389 | 1 Acronis | 1 Cyber Files | 2024-10-18 | N/A | 7.8 HIGH |
|
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
|||||
| CVE-2023-42133 | 2024-10-15 | N/A | 6.7 MEDIUM | ||
|
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts.
An attacker must have shell access with system account privileges in order to exploit this vulnerability.
A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.
|
|||||