Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0453 | 1 Cisco | 1 Firepower Threat Defense | 2024-09-16 | N/A |
| A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. To send the commands, the attacker must have root privileges for at least one affected sensor or the Cisco FMC. The vulnerability exists because the affected software performs insufficient checks for certain CLI commands, if the commands are executed via a Sourcefire tunnel connection. An attacker could exploit this vulnerability by authenticating with root privileges to a Firepower sensor or Cisco FMC, and then sending specific CLI commands to the Cisco FMC or through the Cisco FMC to another Firepower sensor via the Sourcefire tunnel connection. A successful exploit could allow the attacker to modify device configurations or delete files on the device that is running Cisco FMC Software or on any Firepower device that is managed by Cisco FMC. | ||||
| CVE-2020-7263 | 1 Mcafee | 1 Endpoint Security | 2024-09-16 | 6.5 Medium |
| Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | ||||
| CVE-2010-2198 | 1 Rpm | 1 Rpm | 2024-09-16 | N/A |
| lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059. | ||||
| CVE-2013-2300 | 1 Pm9 | 1 Flickwnn | 2024-09-16 | N/A |
| The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | ||||
| CVE-2016-5867 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | ||||
| CVE-2010-2442 | 1 Microsoft | 1 Internet Explorer | 2024-09-16 | N/A |
| Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | ||||
| CVE-2011-0219 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-09-16 | N/A |
| Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. | ||||
| CVE-2016-10345 | 1 Phusion | 1 Passenger | 2024-09-16 | N/A |
| In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | ||||
| CVE-2013-4604 | 1 Fortinet | 1 Fortios | 2024-09-16 | N/A |
| Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role. | ||||
| CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2024-09-16 | N/A |
| The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | ||||
| CVE-2009-5008 | 1 Cisco | 1 Secure Desktop | 2024-09-16 | N/A |
| Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | ||||
| CVE-2012-4106 | 1 Cisco | 1 Unified Computing System | 2024-09-16 | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477. | ||||
| CVE-2011-4770 | 2 Android, Qiwi | 2 Android, Wallet | 2024-09-16 | N/A |
| The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. | ||||
| CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | ||||
| CVE-2011-1311 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | N/A |
| The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. | ||||
| CVE-2015-7230 | 1 Workbench Email Project | 1 Workbench Email | 2024-09-16 | N/A |
| The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. | ||||
| CVE-2013-5162 | 1 Apple | 1 Iphone Os | 2024-09-16 | N/A |
| Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | ||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2024-09-16 | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | ||||
| CVE-2019-1906 | 1 Cisco | 1 Prime Infrastructure | 2024-09-16 | 6.5 Medium |
| A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. | ||||
| CVE-2009-3298 | 1 Mahara | 1 Mahara | 2024-09-16 | N/A |
| Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. | ||||