Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12457 | 1 Expresscart Project | 1 Expresscart | 2024-09-16 | N/A |
| expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | ||||
| CVE-2017-1000221 | 1 Apereo | 1 Opencast | 2024-09-16 | N/A |
| In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. | ||||
| CVE-2018-11792 | 1 Apache | 1 Impala | 2024-09-16 | N/A |
| In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database. | ||||
| CVE-2020-5371 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-09-16 | 8 High |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. | ||||
| CVE-2018-20567 | 1 Douco | 1 Douphp | 2024-09-16 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | ||||
| CVE-2020-5369 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-09-16 | 8.8 High |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files. | ||||
| CVE-2017-11156 | 1 Synology | 1 Download Station | 2024-09-16 | N/A |
| Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | ||||
| CVE-2018-12168 | 1 Intel | 1 Computing Improvement Program | 2024-09-16 | N/A |
| Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access. | ||||
| CVE-2017-0752 | 1 Google | 1 Android | 2024-09-16 | N/A |
| A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. | ||||
| CVE-2019-0073 | 1 Juniper | 1 Junos | 2024-09-16 | 6.6 Medium |
| The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. | ||||
| CVE-2018-1203 | 1 Dell | 1 Emc Isilon Onefs | 2024-09-16 | N/A |
| In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. | ||||
| CVE-2018-1417 | 2 Ibm, Redhat | 3 Java Sdk, Network Satellite, Rhel Extras | 2024-09-16 | N/A |
| Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. | ||||
| CVE-2019-2001 | 1 Google | 1 Android | 2024-09-16 | N/A |
| The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211. | ||||
| CVE-2021-27764 | 1 Hcltech | 1 Bigfix Webui | 2024-09-16 | 7.4 High |
| Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) | ||||
| CVE-2020-28482 | 1 Fastify | 1 Fastify-csrf | 2024-09-16 | 5.9 Medium |
| This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter | ||||
| CVE-2018-12217 | 1 Intel | 1 Graphics Driver | 2024-09-16 | N/A |
| Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access. | ||||
| CVE-2020-4311 | 1 Ibm | 1 Tivoli Monitoring | 2024-09-16 | 7.0 High |
| IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083. | ||||
| CVE-2024-2905 | 1 Redhat | 3 Enterprise Linux, Openshift, Rhel Eus | 2024-09-16 | 6.2 Medium |
| A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. | ||||
| CVE-2018-1197 | 1 Pivotal Software | 1 Windows Stemcells | 2024-09-16 | N/A |
| In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. | ||||
| CVE-2021-20423 | 1 Ibm | 1 Cloud Pak For Applications | 2024-09-16 | 8.8 High |
| IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308. | ||||