Search Results (1794 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | N/A |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | ||||
| CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | ||||
| CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2024-11-21 | 5.5 Medium |
| ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | ||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 5.5 Medium |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | ||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2024-11-21 | N/A |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | ||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2024-11-21 | 6.2 Medium |
| Python keyring has insecure permissions on new databases, allowing world-readable files to be created. | ||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-11-21 | 7.5 High |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. | ||||
| CVE-2012-4434 | 1 Cipherdyne | 1 Fwknop | 2024-11-21 | 8.8 High |
| fwknop before 2.0.3 allows remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | ||||
| CVE-2012-1187 | 1 Bitlbee | 1 Bitlbee | 2024-11-21 | 9.8 Critical |
| Bitlbee does not drop extra group privileges correctly in unix.c. | ||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default. | ||||
| CVE-2011-3350 | 1 Marmaro | 1 Masqmail | 2024-11-21 | 9.8 Critical |
| masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. | ||||
| CVE-2011-2921 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 9.8 Critical |
| ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges. | ||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | ||||
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-11-21 | 7.5 High |
| Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | ||||
| CVE-2024-48292 | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2 Quickheal Antivirus Pro, Quickheal Total Security | 2024-11-19 | 8.8 High |
| An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | ||||
| CVE-2024-48293 | 1 Quickheal Antivirus Pro | 1 Quickheal Antivirus Pro | 2024-11-19 | 6.5 Medium |
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | ||||
| CVE-2024-51051 | 1 Avscms | 1 Avscms | 2024-11-19 | 9.8 Critical |
| AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | ||||
| CVE-2024-51765 | 1 Hpe | 1 Cray System Management Software | 2024-11-19 | 5.5 Medium |
| A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||
| CVE-2024-51764 | 1 Hpe | 1 Sgi Cxfs | 2024-11-19 | 5.5 Medium |
| A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access. | ||||
| CVE-2023-0657 | 1 Redhat | 2 Build Keycloak, Red Hat Single Sign On | 2024-11-18 | 3.4 Low |
| A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. | ||||