Filtered by vendor
Subscriptions
Total
1138 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | ||||
CVE-2011-1435 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension. | ||||
CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-11-21 | 7.5 High |
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | ||||
CVE-2010-4176 | 3 Dracut Project, Fedoraproject, Udev Project | 3 Dracut, Fedora, Udev | 2024-11-21 | N/A |
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | ||||
CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2024-11-21 | 7.8 High |
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | ||||
CVE-2004-1778 | 1 Skype | 1 Skype | 2024-11-21 | N/A |
Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks. | ||||
CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2024-11-21 | 7.8 High |
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | ||||
CVE-2002-1713 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-11-21 | 5.5 Medium |
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | ||||
CVE-2001-0497 | 1 Isc | 1 Bind | 2024-11-21 | 7.8 High |
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | ||||
CVE-1999-0426 | 1 Suse | 1 Suse Linux | 2024-11-21 | 9.8 Critical |
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. | ||||
CVE-2024-48293 | 1 Quickheal Antivirus Pro | 1 Quickheal Antivirus Pro | 2024-11-20 | 6.5 Medium |
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | ||||
CVE-2024-48292 | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2024-11-20 | 8.8 High |
An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | ||||
CVE-2024-51051 | 1 Avscms | 1 Avscms | 2024-11-20 | 9.8 Critical |
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | ||||
CVE-2024-51765 | 1 Hpe | 1 Cray System Management Software | 2024-11-19 | 5.5 Medium |
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||
CVE-2024-51764 | 1 Hpe | 1 Sgi Cxfs | 2024-11-19 | 5.5 Medium |
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||
CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2024-11-15 | 9.1 Critical |
Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | ||||
CVE-2024-5474 | 1 Lenovo | 2 Dolby Vision Provisioning, Dolby Vision Provisioning Software | 2024-11-15 | 5.5 Medium |
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | ||||
CVE-2024-52551 | 1 Jenkins Project | 1 Jenkins Pipeline Declaratrive Plugin | 2024-11-15 | 8 High |
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | ||||
CVE-2024-21820 | 1 Intel | 4 3rd Generation Intel Xeon Scalable Processor Family, 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family and 1 more | 2024-11-15 | 7.2 High |
Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-25647 | 1 Intel Binary Configuration Tool Software For Windows | 1 Intel Binary Configuration Tool Software For Windows | 2024-11-15 | 6.7 Medium |
Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |