Total: 1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-08-06 | 4.3 Medium |
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | ||||
CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-08-06 | 4.6 Medium |
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | ||||
CVE-2013-4394 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-08-06 | N/A |
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | ||||
CVE-2013-4281 | 1 Redhat | 1 Openshift | 2024-08-06 | 5.5 Medium |
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file. | ||||
CVE-2024-20005 | | | 2024-08-06 | 8.2 High |
In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599. | ||||
CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2024-08-06 | 5.5 Medium |
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | ||||
CVE-2013-0632 | 1 Adobe | 1 Coldfusion | 2024-08-06 | 9.8 Critical |
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | ||||
CVE-2014-7301 | 1 Hp | 1 Sgi Tempo | 2024-08-06 | 6.6 Medium |
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw. | ||||
CVE-2014-7302 | 1 Hp | 1 Sgi Tempo | 2024-08-06 | 7.8 High |
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. | ||||
CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2024-08-06 | 7.8 High |
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | ||||
CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-08-06 | 8.8 High |
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-08-06 | 8.8 High |
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2024-08-06 | 8.8 High |
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | ||||
CVE-2015-9476 | 1 Teardrop Project | 1 Teardrop | 2024-08-06 | 8.8 High |
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-9477 | 1 Vernissage Project | 1 Vernissage | 2024-08-06 | 8.8 High |
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2024-08-06 | 8.8 High |
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-9475 | 1 Pont Project | 1 Pont | 2024-08-06 | 8.8 High |
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | ||||
CVE-2015-7985 | 1 Valvesoftware | 1 Steam Client | 2024-08-06 | N/A |
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | ||||
CVE-2015-7378 | 1 Watchguard | 1 Panda Url Filtering | 2024-08-06 | 7.8 High |
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | ||||
CVE-2016-6914 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-08-06 | 7.8 High |
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | ||||