Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-6195 | 1 Lenovo | 33 Thinkagile Hx 1000, Thinkagile Hx 2000, Thinkagile Hx 3000 and 30 more | 2024-09-16 | 4.8 Medium |
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC. | ||||
CVE-2015-8754 | 1 Acquia | 1 Mollom | 2024-09-16 | N/A |
The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | ||||
CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | ||||
CVE-2024-45442 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-13 | 5.1 Medium |
Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-42035 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-11 | 8.4 High |
Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality. | ||||
CVE-2023-7265 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 4 Medium |
Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2024-45449 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 5.1 Medium |
Access permission verification vulnerability in the ringtone setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-52106 | 1 Huawei | 1 Harmonyos | 2024-09-04 | 4.4 Medium |
Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | ||||
CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2024-08-08 | N/A |
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | ||||
CVE-2000-0219 | 1 Redhat | 1 Linux | 2024-08-08 | N/A |
Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. | ||||
CVE-2001-1371 | 1 Oracle | 1 Application Server | 2024-08-08 | N/A |
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | ||||
CVE-2001-1247 | 2 Php, Redhat | 2 Php, Linux | 2024-08-08 | N/A |
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | ||||
CVE-2001-1009 | 2 Fetchmail, Redhat | 2 Fetchmail, Linux | 2024-08-08 | N/A |
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. | ||||
CVE-2001-0771 | 1 Spytech-web | 1 Spyanywhere | 2024-08-08 | N/A |
Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field. | ||||
CVE-2002-2353 | 1 Tftpd32 | 1 Tftpd32 | 2024-08-08 | N/A |
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. | ||||
CVE-2002-2270 | 1 Hp | 1 Hp-ux | 2024-08-08 | N/A |
Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors. | ||||
CVE-2002-2261 | 1 Sendmail | 1 Sendmail | 2024-08-08 | N/A |
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | ||||
CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2024-08-08 | N/A |
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | ||||
CVE-2002-2302 | 1 3d3.com | 1 Shopfactory | 2024-08-08 | N/A |
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field. | ||||
CVE-2002-2265 | 2 Hp, Open Source Internet Solutions | 2 Tru64, Open Source Internet Solutions | 2024-08-08 | N/A |
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors. |