Total: 5442 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-7303 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. | ||||
CVE-2009-4150 | 1 Ibm | 2 Db2, Db2 Universal Database | 2024-09-16 | N/A |
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | ||||
CVE-2012-4400 | 1 Moodle | 1 Moodle | 2024-09-16 | N/A |
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field. | ||||
CVE-2010-5071 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-09-16 | N/A |
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | ||||
CVE-2009-4997 | 1 Gnome | 1 Power Manager | 2024-09-16 | N/A |
gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier. | ||||
CVE-2013-2301 | 1 Omron | 1 Openwnn | 2024-09-16 | N/A |
The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | ||||
CVE-2011-0729 | 1 Ubuntu | 1 Language-selector | 2024-09-16 | N/A |
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | ||||
CVE-2006-6683 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2024-09-16 | N/A |
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM. | ||||
CVE-2022-33969 | 1 Oxilab | 1 Flipbox | 2024-09-16 | 7.2 High |
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. | ||||
CVE-2019-0129 | 1 Intel | 1 Usb 3.0 Creator Utility | 2024-09-16 | N/A |
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2008-5925 | 1 Asp-dev | 1 Xm Events Diary | 2024-09-16 | N/A |
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb. | ||||
CVE-2011-2169 | 1 Google | 1 Chrome Os | 2024-09-16 | N/A |
Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | ||||
CVE-2014-9953 | 1 Google | 1 Android | 2024-09-16 | N/A |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. | ||||
CVE-2019-1803 | 1 Cisco | 22 Nexus 9000 Series Application Centric Infrastructure, Nexus 93108tc-ex, Nexus 93120tx and 19 more | 2024-09-16 | 6.7 Medium |
A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device. | ||||
CVE-2020-12028 | 1 Rockwellautomation | 1 Factorytalk View | 2024-09-16 | 7.3 High |
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. | ||||
CVE-2016-6811 | 1 Apache | 1 Hadoop | 2024-09-16 | N/A |
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | ||||
CVE-2012-2949 | 2 Google, Zte | 2 Android, Score M | 2024-09-16 | N/A |
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. | ||||
CVE-2010-0535 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2013-5186 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | ||||
CVE-2009-4913 | 1 Cisco | 1 Asa 5580 | 2024-09-16 | N/A |
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622. |