Export limit exceeded: 34507 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1848 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 4.6 Medium |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | ||||
| CVE-2013-4201 | 2 Katello, Redhat | 2 Katello, Satellite | 2024-11-21 | N/A |
| Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | ||||
| CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | N/A |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | ||||
| CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | ||||
| CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2024-11-21 | 5.5 Medium |
| ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | ||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 5.5 Medium |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | ||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-11-21 | N/A |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | ||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2024-11-21 | 6.2 Medium |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created | ||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-11-21 | 7.5 High |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. | ||||
| CVE-2012-4434 | 1 Cipherdyne | 1 Fwknop | 2024-11-21 | 8.8 High |
| fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | ||||
| CVE-2012-1187 | 1 Bitlbee | 1 Bitlbee | 2024-11-21 | 9.8 Critical |
| Bitlbee does not drop extra group privileges correctly in unix.c | ||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | ||||
| CVE-2011-3350 | 1 Marmaro | 1 Masqmail | 2024-11-21 | 9.8 Critical |
| masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. | ||||
| CVE-2011-2921 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 9.8 Critical |
| ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges. | ||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | ||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-11-21 | 7.5 High |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | ||||
| CVE-2024-48293 | 1 Quickheal Antivirus Pro | 1 Quickheal Antivirus Pro | 2024-11-19 | 6.5 Medium |
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | ||||
| CVE-2024-48292 | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2024-11-19 | 8.8 High |
| An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | ||||
| CVE-2024-51051 | 1 Avscms | 1 Avscms | 2024-11-19 | 9.8 Critical |
| AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | ||||
| CVE-2024-51765 | 1 Hpe | 1 Cray System Management Software | 2024-11-19 | 5.5 Medium |
| A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||